Описание
Security update for ucode-intel
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with Intel® SGX may allow a privileged user to potentially enable information disclosure via local access.
Список пакетов
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Ссылки
- Link for SUSE-SU-2024:0917-1
- E-Mail link for SUSE-SU-2024:0917-1
- SUSE Security Ratings
- SUSE Bug 1221323
- SUSE CVE CVE-2023-22655 page
- SUSE CVE CVE-2023-28746 page
- SUSE CVE CVE-2023-38575 page
- SUSE CVE CVE-2023-39368 page
- SUSE CVE CVE-2023-43490 page
Описание
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
Затронутые продукты
Ссылки
- CVE-2023-22655
- SUSE Bug 1221323
Описание
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2023-28746
- SUSE Bug 1213456
- SUSE Bug 1221323
Описание
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2023-38575
- SUSE Bug 1221323
Описание
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
Затронутые продукты
Ссылки
- CVE-2023-39368
- SUSE Bug 1221323
Описание
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2023-43490
- SUSE Bug 1221323