[SECURITY] [DLA 3537-1] intel-microcode security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3537-1] intel-microcode security update
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Tue, 22 Aug 2023 06:39:42 +0530
Message-id: <[🔎] CAPP0f97cLpo_FSUfAJ8xfSeyuajv=byYEJjzKTZpUWJX5qLHgA@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3537-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 22, 2023                             https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : intel-microcode
Version        : 3.20230808.1~deb10u1
CVE ID         : CVE-2022-40982 CVE-2022-41804 CVE-2023-23908
Debian Bug     : 1043305

This update ships updated CPU microcode for some types of Intel CPUs
and provides mitigations for security vulnerabilities.

CVE-2022-40982

    Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware
    vulnerability which allows unprivileged speculative access to data
    which was previously stored in vector registers.

    For details please refer to https://downfall.page/ and
    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html.

CVE-2022-41804

    Unauthorized error injection in Intel SGX or Intel TDX for some
    Intel Xeon Processors which may allow a local user to potentially
    escalate privileges.

CVE-2023-23908

    Improper access control in some 3rd Generation Intel Xeon Scalable
    processors may result in an information leak.

For Debian 10 buster, these problems have been fixed in version
3.20230808.1~deb10u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmTkCooACgkQgj6WdgbD
S5ZWiA//YJVisVo4kXiZCUDPIwHKkxULyRv6RgZEN9bylUgH9j1FKgJEY6uWsAyq
Gwiophxus42knFdQ2lu/lHjt/0T15MpfYkYBX74V7qRuUgR+mWxfp3FE5n0/IFJl
lqpgJRaX3CZlVqZ6UqiYiO7fyeoyBRFByQlj/2yrGS0UvIpZ4g7DLDf7dJrVlGPx
J1sH6NfIZFXb7vO3UI3l7QBchp+T7eGULGvcw15UAQxkPCEpT+c7o7eKhPDsbMam
mMVRug+prNIkvSR28RDppqPwaC1VQCDX20FvW3wU3DLzJoRowMTE3VC+bQtwqgfq
kBFyezdtf7eb1vcASUhsZW4NwC/iiBICyVnrua1NRMHPIKv+u4+ME3YWpx7jHMxC
fmoAG3wd6mhO3PrjPYgKvESeuEcW2vVqk9WWTb55QynnAjPE1GTQTPdm5iVX1FSc
piTSd4aYG5jk7pAa9IrUrDCgeYwZIQk5NMloulaPySYMb8hjIdC3ABL6/wDktmJG
HuhCDnD6XjBWE4dH9pUU+xQWj84McoCfZLcllWdpPg+QsVKcNzPLyuWX+A6xC1/y
I5iu26h/UCg3uw5cxEyHDyJ9gP4O08d9ct49bsbBxKrFgKegwNagzFFdyHQBizU4
SQOtNfp7JSG454Yrl9zBjBlCtD2AKA+e7bQfjQeBJ9r85QrlL08=
=UkYC
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3533-1] lxc security update
Next by Date: [SECURITY] [DLA 3538-1] zabbix security update
Previous by thread: [SECURITY] [DLA 3533-1] lxc security update
Next by thread: [SECURITY] [DLA 3538-1] zabbix security update
Index(es):
- Date
- Thread