MGASA-2023-0085

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2023-0085.html
Import Source
https://advisories.mageia.org/MGASA-2023-0085.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0085
Related
Published
2023-03-11T19:00:39Z
Modified
2023-03-11T17:51:53Z
Summary
Updated microcode packages fix security vulnerabilities
Details

Updated microcode packages fix security vulnerabilities:

Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access (CVE-2022-21216 / intel-sa-00700).

Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2022-33196 / intel-sa-00738).

Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2022-33972 / intel-sa-00730).

Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access (CVE-2022-38090 / intel-sa-00767).

References
Credits

Affected packages

Mageia:8 / microcode

Package

Name
microcode
Purl
pkg:rpm/mageia/microcode?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20230214-1.mga8.nonfree

Ecosystem specific 

{
    "section": "nonfree"
}