Debian 10: DLA-3537-1 Critical Intel Microcode Security Issues
debian lts
August 22, 2023
This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities
Summary
CVE-2022-40982
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware
vulnerability which allows unprivileged speculative access to data
which was previously stored in vector registers.
For details please refer to https://downfall.page/ and
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html
CVE-2022-41804
Unauthorized error injection in Intel SGX or Intel TDX for some
Intel Xeon Processors which may allow a local user to potentially
escalate privileges.
CVE-2023-23908
Improper access control in some 3rd Generation Intel Xeon Scalable
processors may result in an information leak.
For Debian 10 buster, these problems have been fixed in version
3.20230808.1~deb10u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to
its security tracker page at:
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: intel-microcode
Version: 3.20230808.1~deb10u1
CVE ID: CVE-2022-40982 CVE-2022-41804 CVE-2023-23908
Debian Bug: 1043305
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!