[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1033079: bullseye-pu: package intel-microcode/3.20230214.1~deb11u1

On Thu, Mar 16, 2023 at 04:06:29PM +0100, Tobias Frost wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: intel-microcode@packages.debian.org, Salvatore Bonaccorso <carnil@debian.org>
> Control: affects -1 + src:intel-microcode
> 
> (Please refer to #1032847#12 for security team's feedback
> that this should go through SPU.)
> 
> The upload updates intel microcodes to target (See #1031334)
>        - INTEL-SA-00700: CVE-2022-21216
>        - INTEL-SA-00730: CVE-2022-33972
>        - INTEL-SA-00738: CVE-2022-33196
>        - INTEL-SA-00767: CVE-2022-38090
> 
> the CVEs are information disclosure via local access vulnerbilities and
> potential privilege escalations.

Note that speaking of fixed CVEs, for bullseye and older with the
upload CVE-2022-21233 get fixed as well (this one was as well not
warranting a DSA, it is as well SGX releated).

Regards,
Salvatore
Reply to: