Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2022:2838-1 Moderate Vulnerability in ucode-intel Data Leak

suse
Calendar Grey August 18, 2022
Dist Suse Esm H88
The latest SUSE Security Update resolves CVE-2022-21233, a moderate severity data exposure vulnerability found in ucode-intel firmware.

An update that fixes one vulnerability is now available.

Summary

This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/products/details/processors.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:---------

Topics%20covered

Topics Covered

security advisory moderate security update SUSE data leak intel microcode ucode-intel

References

#1201727

Cross- CVE-2022-21233

CVSS scores:

CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

https://www.suse.com/security/cve/CVE-2022-21233.html

https://bugzilla.suse.com/1201727

Announcement ID: SUSE-SU-2022:2838-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate security update SUSE data leak intel microcode ucode-intel

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here