Lucene search

K
mageiaGentoo FoundationMGASA-2022-0064
HistoryFeb 15, 2022 - 11:50 p.m.

Updated microcode packages fix security vulnerabilities

2022-02-1523:50:31
Gentoo Foundation
advisories.mageia.org
46
microcode
intel processors
security vulnerabilities
denial of service
information disclosure
escalation of privilege
memory subsystem
network access.

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.9%

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Insufficient control flow management in some Intel® Processors may allow an authenticated user to potentially enable a denial of service via local access (CVE-2021-0127 / SA-00532). Improper initialization of shared resources in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2021-0145 / SA-00561). Hardware allows activation of test or debug logic at runtime for some Intel® processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access (CVE-2021-0146 / SA-00528). Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom® Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access (CVE-2021-33120 / SA-00589) For info about the other fixes in this update, see the github reference.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchmicrocode< 0.20220207-1microcode-0.20220207-1.mga8.nonfree

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.9%