MGASA-2023-0249

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2023-0249.html
Import Source
https://advisories.mageia.org/MGASA-2023-0249.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0249
Related
Published
2023-08-23T19:56:41Z
Modified
2023-08-23T18:38:28Z
Summary
Updated microcode packages fix security vulnerabilities
Details

This update adds initial microcode updates for AMD and Intel CPUs for the following security issues:

AMD: A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure (CVE-2023-20569).

Intel: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2022-40982, INTEL-SA-00828).

Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2022-41804, INTEL-SA-00837).

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2023-23908, INTEL-SA-00836).

References
Credits

Affected packages

Mageia:8 / microcode

Package

Name
microcode
Purl
pkg:rpm/mageia/microcode?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20230808-2.mga8.nonfree

Ecosystem specific 

{
    "section": "nonfree"
}