Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 22.10: USN-5886-1 Moderate: Intel Microcode Escalation Risks

ubuntu
Calendar Grey February 27, 2023
Dist Ubuntu Esm H88
Remedies for Intel Microcode vulnerabilities in various Ubuntu distributions, minimizing chances of exploits and safeguarding sensitive data.
Several security issues were fixed in Intel Microcode.

Summary

Several security issues were fixed in Intel Microcode.

Software Description:

- intel-microcode: Processor microcode for Intel CPUs

Details:

Erik C. Bjorge discovered that some Intel(R) Atom and Intel Xeon Scalable

Processors did not properly implement access controls for out-of-band

management. This may allow a privileged network-adjacent user to potentially

escalate privileges. (CVE-2022-21216)

Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju

Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson

discovered that some Intel(R) Xeon(R) Processors used incorrect default

permissions in some memory controller configurations when using Intel(R)

Software Guard Extensions. This may allow a privileged local user to potentially

escalate privileges. (CVE-2022-33196)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable Processorsdid not properly calculate microkey keying. This may allow a privileged local

user to potentially...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  intel-microcode                 3.20230214.0ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  intel-microcode                 3.20230214.0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  intel-microcode                 3.20230214.0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  intel-microcode                 3.20230214.0ubuntu0.18.04.1

Ubuntu 16.04 ESM:
  intel-microcode                 3.20230214.0ubuntu0.16.04.1+esm1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5886-1

CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090

Severity
important
Lowest
Low
Medium
High
Critical

February 27, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here