Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Mageia 8 Moderate: 2023-0085 Access Control Threats in Intel Processors

mageia
Calendar Grey March 11, 2023
Dist Mageia Esm H88
Revised firmware updates address security vulnerabilities that enable unauthorized access in Intel chipsets.
Updated microcode packages fix security vulnerabilities: Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Process...

Summary

Updated microcode packages fix security vulnerabilities:
Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access (CVE-2022-21216 / intel-sa-00700).
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2022-33196 / intel-sa-00738).
Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2022-33972 / intel-sa-00730).
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potential...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=31581

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html

- https://www.cve.org/CVERecord?id=CVE-2022-21216

- https://www.cve.org/CVERecord?id=CVE-2022-33196

- https://www.cve.org/CVERecord?id=CVE-2022-33972

- https://www.cve.org/CVERecord?id=CVE-2022-38090

Topics%20covered

Topics Covered

security advisory moderate privilege escalation access control Intel Mageia microcode

Resolution

SRPMS

- 8/nonfree/microcode-0.20230214-1.mga8.nonfree

Publication date: 11 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0085.html
Type: security
CVE: CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090

Topics%20covered

Topics Covered

security advisory moderate privilege escalation access control Intel Mageia microcode

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here