Описание
Security update for kernel-firmware
This update for kernel-firmware fixes the following issues:
- CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
kernel-firmware-20200107-150100.3.43.1
ucode-amd-20200107-150100.3.43.1
SUSE Linux Enterprise Server 15 SP2-LTSS
kernel-firmware-20200107-150100.3.43.1
ucode-amd-20200107-150100.3.43.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
kernel-firmware-20200107-150100.3.43.1
ucode-amd-20200107-150100.3.43.1
Ссылки
- Link for SUSE-SU-2024:2944-1
- E-Mail link for SUSE-SU-2024:2944-1
- SUSE Security Ratings
- SUSE Bug 1229069
- SUSE CVE CVE-2023-31315 page
Описание
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:kernel-firmware-20200107-150100.3.43.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:ucode-amd-20200107-150100.3.43.1
SUSE Linux Enterprise Server 15 SP2-LTSS:kernel-firmware-20200107-150100.3.43.1
SUSE Linux Enterprise Server 15 SP2-LTSS:ucode-amd-20200107-150100.3.43.1
Ссылки
- CVE-2023-31315
- SUSE Bug 1229069