[SUSE-SU-2024:1139-1] Security update for ucode-intel
Severity
Moderate
Affected Packages
7
CVEs
5
Security update for ucode-intel
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with IntelĀ® SGX may allow a privileged user to potentially enable information disclosure via local access.
Package | Affected Version |
---|---|
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=4 | < 20240312-150200.38.1 |
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=3 | < 20240312-150200.38.1 |
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=2 | < 20240312-150200.38.1 |
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=slem-5 | < 20240312-150200.38.1 |
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.4 | < 20240312-150200.38.1 |
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.3 | < 20240312-150200.38.1 |
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-15.5 | < 20240312-150200.38.1 |
- ID
- SUSE-SU-2024:1139-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2024/suse-su-20241139-1/
- Published
-
2024-04-08T09:31:39
(5 months ago) - Modified
-
2024-04-08T09:31:39
(5 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2024-2491
- ALPINE:CVE-2023-22655
- ALPINE:CVE-2023-28746
- ALPINE:CVE-2023-38575
- ALPINE:CVE-2023-39368
- ALPINE:CVE-2023-43490
- ALSA-2024:5101
- DSA-5681-1
- ELSA-2024-5101
- FEDORA-2024-29f57f1b4e
- FEDORA-2024-3a36322c4b
- FEDORA-2024-96f3c3f3d3
- FEDORA-2024-9e9f53d01d
- FEDORA-2024-f3692f8528
- FREEBSD:B6DD9D93-E09B-11EE-92FC-1C697A616631
- MS:CVE-2023-28746
- RHSA-2024:5101
- RLSA-2024:5101
- SUSE-SU-2024:0856-1
- SUSE-SU-2024:0857-1
- SUSE-SU-2024:0858-1
- SUSE-SU-2024:0900-1
- SUSE-SU-2024:0900-2
- SUSE-SU-2024:0910-1
- SUSE-SU-2024:0917-1
- SUSE-SU-2024:0925-1
- SUSE-SU-2024:0926-1
- SUSE-SU-2024:0975-1
- SUSE-SU-2024:0976-1
- SUSE-SU-2024:0977-1
- SUSE-SU-2024:1101-1
- SUSE-SU-2024:1102-1
- SUSE-SU-2024:1105-1
- SUSE-SU-2024:1152-1
- SUSE-SU-2024:1321-1
- SUSE-SU-2024:1322-1
- SUSE-SU-2024:1454-1
- SUSE-SU-2024:1466-1
- SUSE-SU-2024:1480-1
- SUSE-SU-2024:1489-1
- SUSE-SU-2024:1490-1
- SUSE-SU-2024:1643-1
- SUSE-SU-2024:1648-1
- SUSE-SU-2024:1669-1
- SUSE-SU-2024:1870-1
- SUSE-SU-2024:2535-1
- USN-6797-1
- XSA-452
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1139-1.json | |
Suse | URL for SUSE-SU-2024:1139-1 | https://www.suse.com/support/update/announcement/2024/suse-su-20241139-1/ | |
Suse | E-Mail link for SUSE-SU-2024:1139-1 | https://lists.suse.com/pipermail/sle-updates/2024-April/034883.html | |
Bugzilla | SUSE Bug 1221323 | https://bugzilla.suse.com/1221323 | |
CVE | SUSE CVE CVE-2023-22655 page | https://www.suse.com/security/cve/CVE-2023-22655/ | |
CVE | SUSE CVE CVE-2023-28746 page | https://www.suse.com/security/cve/CVE-2023-28746/ | |
CVE | SUSE CVE CVE-2023-38575 page | https://www.suse.com/security/cve/CVE-2023-38575/ | |
CVE | SUSE CVE CVE-2023-39368 page | https://www.suse.com/security/cve/CVE-2023-39368/ | |
CVE | SUSE CVE CVE-2023-43490 page | https://www.suse.com/security/cve/CVE-2023-43490/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=4 | suse | ucode-intel | < 20240312-150200.38.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=3 | suse | ucode-intel | < 20240312-150200.38.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=2 | suse | ucode-intel | < 20240312-150200.38.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=slem-5 | suse | ucode-intel | < 20240312-150200.38.1 | slem-5 | x86_64 | |
Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.4 | suse | ucode-intel | < 20240312-150200.38.1 | opensuse-leap-micro-5.4 | x86_64 | |
Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.3 | suse | ucode-intel | < 20240312-150200.38.1 | opensuse-leap-micro-5.3 | x86_64 | |
Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-15.5 | suse | ucode-intel | < 20240312-150200.38.1 | opensuse-leap-15.5 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |