MGASA-2023-0249
Vulnerability Summary
Timeline
Description
Updated microcode packages fix security vulnerabilities This update adds initial microcode updates for AMD and Intel CPUs for the following security issues: AMD: A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure (CVE-2023-20569). Intel: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-40982, INTEL-SA-00828). Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2022-41804, INTEL-SA-00837). Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2023-23908, INTEL-SA-00836).
Affected Systems
- mageia•microcode
< 0.20230808-2.mga8.nonfree
References (7)
- https://advisories.mageia.org/MGASA-2023-0249.html
- https://bugs.mageia.org/show_bug.cgi?id=32167
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html