MGASA-2024-0103 Updated microcode packages fix security vulnerabilities

Protection mechanism failure in some 3rd and 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-22655 Information exposure through microarchitectural state after transient...

SUSE-SU-2024:0885-1 Security update for spectre-meltdown-checker

This update for spectre-meltdown-checker fixes the following issues: - updated to 0.46 This release mainly focuses on the detection of the new Zenbleed CVE-2023-20593 vulnerability, among few other changes that were in line waiting for a release: - feat: detect the vulnerability and mitigation of...

2024.1 IPU - Intel® Processor Return Predictions Advisory

Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing a firmware update to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-38575 Description: Non-transparent sharing of return predictor targets...

Mageia: Security Advisory (MGASA-2024-0025)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated dracut package fixes enabling microcode

The updated package fixes enabling early microcode on kernels 6.6+. On affected systems, CPU microcode updates were not loaded. CPU microcode updates are sometimes necessary in order to address important security vulnerabilities. If CPU microcode updates are not properly loaded, these security...

CLSA-2023-1702420812 microcode_ctl: Fix of CVE-2023-23583

Update Intel CPU microcode to microcode-20231114 release, addresses CVE-2023-23583 INTEL-SA-00950: - Addition of 06-ba-02/0xe0 microcode at revision 0x411c; - Addition of 06-ba-02/0xe0 microcode at revision 0x411c; - Addition of 06-ba-03/0xe0 microcode in intel-ucode/06-ba-02 at revision 0x411c;...

CLSA-2023-1694109571 Fix CVE(s): CVE-2023-20569, CVE-2023-20593

New microcode update packages from AMD upstream up to 2023-08-08: + New Microcodes for 19h family: sig 0x00a10f11, sig 0x00a10f12, sig 0x00aa0f01, sig 0x00aa0f02; SECURITY UPDATE: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction...

MGASA-2023-0249 Updated microcode packages fix security vulnerabilities

This update adds initial microcode updates for AMD and Intel CPUs for the following security issues: AMD: A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled...

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as...

K000133630: Intel processor vulnerability CVE-2022-26343

Security Advisory Description Improper access control in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2022-26343 Impact This vulnerability may allow a privileged user to potentially enable escalation o...

K29100014: Intel processors vulnerability CVE-2019-14607

Security Advisory Description Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. CVE-2019-14607 Impact While certain F5 hardware platforms...

K95204515: Intel CPU vulnerability CVE-2022-21151

Security Advisory Description Processor optimization removal or modification of security-critical code for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21151 Impact This vulnerability may allow an authenticated user...

K29421535: Intel processor vulnerability CVE-2021-33117

Security Advisory Description Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. CVE-2021-33117 Impact This vulnerability may potentially allow a local...

K87351324: Intel BIOS vulnerability CVE-2021-33124

Security Advisory Description Out-of-bounds write in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33124 Impact A local attacker logged in as a privileged user can exploit the...

K14454359: Intel BIOS vulnerability CVE-2021-0153

Security Advisory Description Out-of-bounds write in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0153 Impact A local attacker logged in as a privileged user can exploit this vulnerability to gain...

K04303225: Intel BIOS vulnerability CVE-2021-0190

Security Advisory Description Uncaught exception in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable aescalation of privilege via local access. CVE-2021-0190 Impact A local attacker logged in as a privileged user can exploit the vulnerability to gain...

K53252134: Intel BIOS vulnerability CVE-2021-0155

Security Advisory Description Unchecked return value in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2021-0155 Impact A local attacker logged-in as a privileged user can exploit the vulnerability to gai...

SUSE CVE-2016-8637

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryptio...

microcode_ctl bug fix and enhancement update

An update is available for microcodectl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The microcodectl packages provide microcode updates for Intel processors...

2022.2 IPU - Intel® Processor Advisory

Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to address this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-21233 Description: Improper isolation of shared resources in some IntelR...