MGASA-2024-0103

Description

Updated microcode packages fix security vulnerabilities Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-22655) Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2023-28746) Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2023-38575) Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. (CVE-2023-39368) Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-43490)

Affected Systems

• mageia•microcode

  < 0.20240312-1.mga9.nonfree

References (4)

• https://advisories.mageia.org/MGASA-2024-0103.html
• https://bugs.mageia.org/show_bug.cgi?id=33015
• https://lwn.net/Articles/966603/
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312