Stay Secure with the Latest Linux Advisories

security advisorycritical updatedata exposure

Mageia 8 MGASA-2023-0244 Critical: Zen 2 Microcode Leak Issue

Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information (CVE-2023-20593, also known as Zenbleed). . MGASA-2023-0244 - Updated microcode packages fix security vulnerability Publication date: 26 Jul 2023 URL: https://advisories.mageia.org/MGASA-2023-0244.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-20593 Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information (CVE-2023-20593, also known as Zenbleed). This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based CPUs will get their microcode update at a later time when Amd has fixed and validated the microcodes, see the referenced Amd url that has info about estimated timelines for various CPUs. References: - https://bugs.mageia.org/show_bug.cgi?id=32142 - https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html - https://www.cve.org/CVERecord?id=CVE-2023-20593 SRPMS: - 8/nonfree/microcode-0.20230613-2.mga8.nonfree . MGASA-2023-0245 releases firmware adjustments to address a vulnerability in Zen 2 processors that could result in the leakage of confidential information.. Microcode Update, Zen 2 Vulnerability, AMD Security, Mageia Advisory. . Severity: Critical. LinuxSecurity.com Team

Jul 26, 2023 •Critical Mageia