SUSE_ALP_Standard/patchinfo.20240719123321378528.269002615871826/_patchinfo

54 lines
2.6 KiB
Plaintext
Raw Normal View History

<patchinfo>
<!-- generated from request(s) 333497 -->
<issue tracker="bnc" id="1221323">VUL-0: CVE-2023-28746: ucode-intel: 20240312 release</issue>
<issue tracker="bnc" id="1224277">VUL-0: ucode-intel: 20240514 release</issue>
<issue tracker="cve" id="2023-22655"/>
<issue tracker="cve" id="2023-28746"/>
<issue tracker="cve" id="2023-38575"/>
<issue tracker="cve" id="2023-39368"/>
<issue tracker="cve" id="2023-43490"/>
<issue tracker="cve" id="2023-45733"/>
<issue tracker="cve" id="2023-45745"/>
<issue tracker="cve" id="2023-46103"/>
<issue tracker="cve" id="2023-47855"/>
<packager>msmeissn</packager>
<rating>moderate</rating>
<reboot_needed/>
<category>security</category>
<summary>Security update for ucode-intel</summary>
<description>This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Security updates for INTEL-SA-01051
- CVE-2023-46103: Security updates for INTEL-SA-01052
- CVE-2023-45745,CVE-2023-47855: Security updates for INTEL-SA-01036
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- Security updates for INTEL-SA-INTEL-SA-00972
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- Security updates for INTEL-SA-INTEL-SA-00982
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- Security updates for INTEL-SA-INTEL-SA-00898
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- Security updates for INTEL-SA-INTEL-SA-00960
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- Security updates for INTEL-SA-INTEL-SA-01045
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel SGX may allow a
privileged user to potentially enable information disclosure via
local access.
</description>
<package>ucode-intel</package>
<seperate_build_arch/>
</patchinfo>