Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 8 MGASA-2023-0249 Moderate Microcode Update for Processors

mageia
Calendar Grey August 23, 2023
Dist Mageia Esm H88
Boost the safety of your CPU by leveraging Mageia’s microcode revision that tackles flaws found in both Intel and AMD processors.
This update adds initial microcode updates for AMD and Intel CPUs for the following security issues: AMD:

Summary

This update adds initial microcode updates for AMD and Intel CPUs for the following security issues:

AMD: A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure (CVE-2023-20569).

Intel: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-40982, INTEL-SA-00828).
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2022-41804, INTEL-SA-00837).
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged us...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=32167

- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html

- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808

-

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html

- https://www.cve.org/CVERecord?id=CVE-2022-40982

- https://www.cve.org/CVERecord?id=CVE-2022-41804

- https://www.cve.org/CVERecord?id=CVE-2023-20569

- https://www.cve.org/CVERecord?id=CVE-2023-23908

Topics%20covered

Topics Covered

security advisory privilege escalation Intel information disclosure AMD microcode update Mageia

Resolution

SRPMS

- 8/nonfree/microcode-0.20230808-2.mga8.nonfree

Publication date: 23 Aug 2023
URL: https://advisories.mageia.org/MGASA-2023-0249.html
Type: security
CVE: CVE-2022-40982, CVE-2022-41804, CVE-2023-20569, CVE-2023-23908

Topics%20covered

Topics Covered

security advisory privilege escalation Intel information disclosure AMD microcode update Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here