What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0244 - Updated microcode packages fix security vulnerability

Publication date: 26 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0244.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-20593

Under specific microarchitectural circumstances, a register in "Zen 2"
CPUs may not be written to 0 correctly. This may cause data from another
process and/or thread to be stored in the YMM register, which may allow
an attacker to potentially access sensitive information (CVE-2023-20593,
also known as Zenbleed).

This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based
CPUs will get their microcode update at a later time when Amd has fixed
and validated the microcodes, see the referenced Amd url that has info
about estimated timelines for various CPUs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32142
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593

SRPMS:
- 8/nonfree/microcode-0.20230613-2.mga8.nonfree

Mageia 2023-0244: microcode security update

Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly

Summary

Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information (CVE-2023-20593, also known as Zenbleed).
This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based CPUs will get their microcode update at a later time when Amd has fixed and validated the microcodes, see the referenced Amd url that has info about estimated timelines for various CPUs.

References

- https://bugs.mageia.org/show_bug.cgi?id=32142

- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593

Resolution

MGASA-2023-0244 - Updated microcode packages fix security vulnerability

SRPMS

- 8/nonfree/microcode-0.20230613-2.mga8.nonfree

Severity
Publication date: 26 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0244.html
Type: security
CVE: CVE-2023-20593

Related News

Critical OpenDMARC DoS Bug Fixed

Sep 22, 2023

Critical Memory Safety Bug, Other Severe Vulns Fixed in Thunderbird

Sep 15, 2023

Severe Thunderbird Vulns Lead to DoS, Code Execution - Update Now!

Aug 9, 2023

Zenbleed Microcode Info Disclosure Vuln Fixed

Aug 3, 2023

News

Advisories

HOWTOs

Features

Guide To Software Security Testing On Linux
Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy
Supercharging Linux: Tips & Tricks to Beat the Threat Landscape

About Us

Powered By

Footer Logo

Feedback