Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 8 MGASA-2022-0193 Moderate: Intel Microcode Security Issues

mageia
Calendar Grey May 21, 2022
Dist Mageia Esm H88
The latest firmware updates for Intel processors tackle a range of vulnerabilities, including data exposure and service interruption threats.
Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Sensitive information accessible by physical probing of JTAG...

Summary

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues:
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access (CVE-2022-0005).
may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-21131).
Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access (CVE-2022-21136).
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-21151).
For info about the other fixes in this update, see the github reference.

References

- https://bugs.mageia.org/show_bug.cgi?id=30425

- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html

- https://www.cve.org/CVERecord?id=CVE-2022-0005

- https://www.cve.org/CVERecord?id=CVE-2022-21131

- https://www.cve.org/CVERecord?id=CVE-2022-21136

- https://www.cve.org/CVERecord?id=CVE-2022-21151

Topics%20covered

Topics Covered

security advisory denial of service information disclosure security issues Mageia Intel processor microcode updates

Resolution

SRPMS

- 8/nonfree/microcode-0.20220510-1.mga8.nonfree

Publication date: 21 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0193.html
Type: security
CVE: CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151

Topics%20covered

Topics Covered

security advisory denial of service information disclosure security issues Mageia Intel processor microcode updates

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here