ALT-BU-2024-8662-1
Branch p11 update bulletin.
Package firmware-intel-ucode updated to version 26-alt1.20240531 for branch p11 in task 350184.
Closed vulnerabilities
BDU:2024-02258
Уязвимость микропрограммного обеспечения процессоров Intel, связанная с утечкой информации из векторных регистров, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2024-02524
Уязвимость микропрограммного обеспечения процессоров Intel, связанная с раскрытием информации через несоответствие, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2024-02527
Уязвимость микропрограммного обеспечения процессоров Intel, связанная с нарушением механизма защиты данных, позволяющая нарушителю повысить свои привилегии
BDU:2024-02607
Уязвимость микропрограммного обеспечения процессоров Intel Xeon D, связанная с неверным вычислением, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2023-22655
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0006/
- https://security.netapp.com/advisory/ntap-20240405-0006/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
Modified: 2024-11-21
CVE-2023-28746
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- http://www.openwall.com/lists/oss-security/2024/03/12/13
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
- http://www.openwall.com/lists/oss-security/2024/03/12/13
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
Modified: 2024-11-21
CVE-2023-38575
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0008/
- https://security.netapp.com/advisory/ntap-20240405-0008/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
Modified: 2024-11-21
CVE-2023-39368
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0007/
- https://security.netapp.com/advisory/ntap-20240405-0007/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
Modified: 2024-11-21
CVE-2023-43490
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
- https://security.netapp.com/advisory/ntap-20240405-0009/
- https://security.netapp.com/advisory/ntap-20240405-0009/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
Modified: 2024-11-21
CVE-2023-45733
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
Modified: 2024-11-21
CVE-2023-45745
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
Modified: 2024-11-21
CVE-2023-46103
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
Modified: 2024-11-21
CVE-2023-47855
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.