Mageia 8 MGASA-2023-0244 Critical: Zen 2 Microcode Leak Issue
mageia
July 26, 2023
Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly
Summary
Under specific microarchitectural circumstances, a register in "Zen 2"
CPUs may not be written to 0 correctly. This may cause data from another
process and/or thread to be stored in the YMM register, which may allow
an attacker to potentially access sensitive information (CVE-2023-20593,
also known as Zenbleed).
This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based
CPUs will get their microcode update at a later time when Amd has fixed
and validated the microcodes, see the referenced Amd url that has info
about estimated timelines for various CPUs.
References
- https://bugs.mageia.org/show_bug.cgi?id=32142
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
- https://www.cve.org/CVERecord?id=CVE-2023-20593
Topics Covered
Resolution
SRPMS
- 8/nonfree/microcode-0.20230613-2.mga8.nonfree
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 26 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0244.html
Type: security
CVE: CVE-2023-20593
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!