[SUSE-SU-2024:1139-1] Security update for ucode-intel
Severity
Moderate
Affected Packages
7
CVEs
5
Security update for ucode-intel
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with IntelĀ® SGX may allow a privileged user to potentially enable information disclosure via local access.
| Package | Affected Version |
|---|---|
 pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=4
|
< 20240312-150200.38.1 |
|
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=3
|
< 20240312-150200.38.1 |
|
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=2
|
< 20240312-150200.38.1 |
|
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=slem-5
|
< 20240312-150200.38.1 |
|
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.4
|
< 20240312-150200.38.1 |
|
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.3
|
< 20240312-150200.38.1 |
|
pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-15.5
|
< 20240312-150200.38.1 |
- ID
- SUSE-SU-2024:1139-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2024/suse-su-20241139-1/
- Published
-
2024-04-08T09:31:39
(5 months ago) - Modified
-
2024-04-08T09:31:39
(5 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS2-2024-2491
-
ALPINE:CVE-2023-22655
-
ALPINE:CVE-2023-28746
-
ALPINE:CVE-2023-38575
-
ALPINE:CVE-2023-39368
-
ALPINE:CVE-2023-43490
-
ALSA-2024:5101
-
DSA-5681-1
-
ELSA-2024-5101
-
FEDORA-2024-29f57f1b4e
-
FEDORA-2024-3a36322c4b
-
FEDORA-2024-96f3c3f3d3
-
FEDORA-2024-9e9f53d01d
-
FEDORA-2024-f3692f8528
-
FREEBSD:B6DD9D93-E09B-11EE-92FC-1C697A616631
-
MS:CVE-2023-28746
-
RHSA-2024:5101
-
RLSA-2024:5101
-
SUSE-SU-2024:0856-1
-
SUSE-SU-2024:0857-1
-
SUSE-SU-2024:0858-1
-
SUSE-SU-2024:0900-1
-
SUSE-SU-2024:0900-2
-
SUSE-SU-2024:0910-1
-
SUSE-SU-2024:0917-1
-
SUSE-SU-2024:0925-1
-
SUSE-SU-2024:0926-1
-
SUSE-SU-2024:0975-1
-
SUSE-SU-2024:0976-1
-
SUSE-SU-2024:0977-1
-
SUSE-SU-2024:1101-1
-
SUSE-SU-2024:1102-1
-
SUSE-SU-2024:1105-1
-
SUSE-SU-2024:1152-1
-
SUSE-SU-2024:1321-1
-
SUSE-SU-2024:1322-1
-
SUSE-SU-2024:1454-1
-
SUSE-SU-2024:1466-1
-
SUSE-SU-2024:1480-1
-
SUSE-SU-2024:1489-1
-
SUSE-SU-2024:1490-1
-
SUSE-SU-2024:1643-1
-
SUSE-SU-2024:1648-1
-
SUSE-SU-2024:1669-1
-
SUSE-SU-2024:1870-1
-
SUSE-SU-2024:2535-1
-
USN-6797-1
-
XSA-452
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Suse | SUSE ratings |
|
|
| Suse | URL of this CSAF notice |
|
|
| Suse | URL for SUSE-SU-2024:1139-1 |
|
|
| Suse | E-Mail link for SUSE-SU-2024:1139-1 |
|
|
| Bugzilla | SUSE Bug 1221323 |
|
|
| CVE | SUSE CVE CVE-2023-22655 page |
|
|
| CVE | SUSE CVE CVE-2023-28746 page |
|
|
| CVE | SUSE CVE CVE-2023-38575 page |
|
|
| CVE | SUSE CVE CVE-2023-39368 page |
|
|
| CVE | SUSE CVE CVE-2023-43490 page |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=4 | suse |
ucode-intel
|
< 20240312-150200.38.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=3 | suse |
ucode-intel
|
< 20240312-150200.38.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=sles-15&sp=2 | suse |
ucode-intel
|
< 20240312-150200.38.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=slem-5 | suse |
ucode-intel
|
< 20240312-150200.38.1 | slem-5 | x86_64 | |
| Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.4 | suse |
ucode-intel
|
< 20240312-150200.38.1 | opensuse-leap-micro-5.4 | x86_64 | |
| Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-micro-5.3 | suse |
ucode-intel
|
< 20240312-150200.38.1 | opensuse-leap-micro-5.3 | x86_64 | |
| Affected | pkg:rpm/suse/ucode-intel?arch=x86_64&distro=opensuse-leap-15.5 | suse |
ucode-intel
|
< 20240312-150200.38.1 | opensuse-leap-15.5 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |