Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE 12 SP5: 2024:3995-1 important: ucode-intel denial of service

suse
Calendar Grey November 15, 2024
Dist Suse Esm H88
A critical update for SUSE addressing ucode-intel mitigates several security flaws, including risks of privilege escalation and denial of service attacks.
* bsc#1233313 Cross-References: * CVE-2024-21820 * CVE-2024-21853

Summary

## This update for ucode-intel fixes the following issues: * Intel CPU Microcode was updated to the 20241112 release (bsc#1233313) * CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. * CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation important information disclosure SUSE ucode-intel

References

* bsc#1233313

Cross-

* CVE-2024-21820

* CVE-2024-21853

* CVE-2024-23918

* CVE-2024-23984

* CVE-2024-24968

CVSS scores:

* CVE-2024-21820 ( SUSE ): 8.5

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

* CVE-2024-21820 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

* CVE-2024-21820 ( NVD ): 8.5

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2024-21820 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

* CVE-2024-21853 ( SUSE ): 5.7

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-21853 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3995-1
Release Date: 2024-11-15T08:27:01Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation important information disclosure SUSE ucode-intel

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here