Lucene search

K
mageiaGentoo FoundationMGASA-2024-0103
HistoryMar 31, 2024 - 6:27 a.m.

Updated microcode packages fix security vulnerabilities

2024-03-3106:27:58
Gentoo Foundation
advisories.mageia.org
16
microcode
security vulnerabilities
intel processors
intel sgx
intel tdx
cve-2023-22655
cve-2023-28746
cve-2023-38575
cve-2023-39368
cve-2023-43490
information disclosure
escalation of privilege
denial of service
transient execution

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

Protection mechanism failure in some 3rd and 4th Generation Intel® Xeon® Processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-22655) Information exposure through microarchitectural state after transient execution from some register files for some Intel® Atom® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2023-28746) Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2023-38575) Protection mechanism failure of bus lock regulator for some Intel® Processors may allow an unauthenticated user to potentially enable denial of service via network access. (CVE-2023-39368) Incorrect calculation in microcode keying mechanism for some Intel® Xeon® D Processors with Intel® SGX may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-43490)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchmicrocode< 0.20240312-1microcode-0.20240312-1.mga9.nonfree

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%