File _patchinfo of Package patchinfo.32951

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.32951

<patchinfo incident="32951">
  <issue tracker="bnc" id="1221323">VUL-0: CVE-2023-28746: ucode-intel: 20240312 release</issue>
  <issue tracker="cve" id="2023-43490"/>
  <issue tracker="cve" id="2023-38575"/>
  <issue tracker="cve" id="2023-22655"/>
  <issue tracker="cve" id="2023-28746"/>
  <issue tracker="cve" id="2023-39368"/>
  <packager>msmeissn</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for ucode-intel</summary>
  <description>This update for ucode-intel fixes the following issues:

- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
  for some Intel Processors may allow an unauthenticated user to
  potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
  between contexts in some Intel Processors may allow an authorized
  user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
  state after transient execution from some register files for some
  Intel Atom Processors may allow an authenticated user to potentially
  enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
  Generation Intel Xeon Processors when using Intel SGX or Intel TDX
  may allow a privileged user to potentially enable escalation of
  privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
  for some Intel Xeon D Processors with Intel&#174; SGX may allow a
  privileged user to potentially enable information disclosure via
  local access.
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.32951

Places