An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1730 Final 1.0 1.0 2024-06-14 Initial 2024-06-14 2024-06-14 openEuler SA Tool V1.0 2024-06-14 microcode_ctl security update An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4. This is a tool to transform and deploy microcode update for x86 CPUs. Security Fix(es): Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.(CVE-2023-45733) Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-45745) Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2023-46103) Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-47855) An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High microcode_ctl https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1730 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45733 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45745 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-46103 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-47855 https://nvd.nist.gov/vuln/detail/CVE-2023-45733 https://nvd.nist.gov/vuln/detail/CVE-2023-45745 https://nvd.nist.gov/vuln/detail/CVE-2023-46103 https://nvd.nist.gov/vuln/detail/CVE-2023-47855 openEuler-20.03-LTS-SP4 microcode_ctl-20240531-1.oe2003sp4.src.rpm microcode_ctl-20240531-1.oe2003sp4.x86_64.rpm Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. 2024-06-14 CVE-2023-45733 openEuler-20.03-LTS-SP4 Low 2.8 AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N microcode_ctl security update 2024-06-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1730 Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-06-14 CVE-2023-45745 openEuler-20.03-LTS-SP4 High 7.9 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N microcode_ctl security update 2024-06-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1730 Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. 2024-06-14 CVE-2023-46103 openEuler-20.03-LTS-SP4 Medium 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H microcode_ctl security update 2024-06-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1730 Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-06-14 CVE-2023-47855 openEuler-20.03-LTS-SP4 Medium 6.0 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N microcode_ctl security update 2024-06-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1730