Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Ubuntu 23.04 USN-6286-1 Critical Intel Microcode Info Disclosure

Calendar Aug 14, 2023 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical privilege escalation Ubuntu information disclosure intel-microcode
Several security issues were fixed in Intel Microcode. 
==========================================================================
Ubuntu Security Notice USN-6286-1
August 14, 2023

intel-microcode vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

Daniel Moghimi discovered that some Intel(R) Processors did not properly clear
microarchitectural state after speculative execution of various instructions. A
local unprivileged user could use this to obtain to sensitive
information. (CVE-2022-40982)

It was discovered that some Intel(R) Xeon(R) Processors did not properly
restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged
user could use this to further escalate their privileges. (CVE-2022-41804)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors
did not properly restrict access in some situations. A local privileged attacker
could use this to obtain sensitive information. (CVE-2023-23908)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  intel-microcode                 3.20230808.0ubuntu1

Ubuntu 22.04 LTS:
  intel-microcode                 3.20230808.0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  intel-microcode                 3.20230808.0ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  intel-microcode                 3.20230808.0ubuntu0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  intel-microcode                 3.20230808.0ubuntu0.16.04.1+esm1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6286-1
  CVE-2022-40982, CVE-2022-41804, CVE-2023-23908

Package Information:
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20230808.0ubuntu1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20230808.0ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20230808.0ubuntu0.20.04.1

Ubuntu 23.04 USN-6286-1 Critical Intel Microcode Info Disclosure

ubuntu
Calendar Grey August 14, 2023
Dist Ubuntu Esm H88
Various problems addressed in Intel Microcode revisions for Ubuntu versions 16.04 to 23.04, tackling potential security vulnerabilities.
Several security issues were fixed in Intel Microcode.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in Intel Microcode. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) It was discovered that some Intel(R) Xeon(R) Processors did not properly restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged user could use this to further escalate their privileges. (CVE-2022-41804) It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors did not properly restrict access in some situations. A local pri...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical privilege escalation Ubuntu information disclosure intel-microcode

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: intel-microcode 3.20230808.0ubuntu1 Ubuntu 22.04 LTS: intel-microcode 3.20230808.0ubuntu0.22.04.1 Ubuntu 20.04 LTS: intel-microcode 3.20230808.0ubuntu0.20.04.1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): intel-microcode 3.20230808.0ubuntu0.18.04.1+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): intel-microcode 3.20230808.0ubuntu0.16.04.1+esm1 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6286-1

CVE-2022-40982, CVE-2022-41804, CVE-2023-23908

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6286-1

Topics%20covered

Topics Covered

security advisory critical privilege escalation Ubuntu information disclosure intel-microcode

Package Information

https://launchpad.net/ubuntu/+source/intel-microcode/3.20230808.0ubuntu1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20230808.0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20230808.0ubuntu0.20.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here