An update for microcode_ctl is now available for openEuler-24.03-LTS

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2024-1732
Status: Final
Version: 1.0
Revision history: 1.0, 2024-06-14, Initial
Initial release date: 2024-06-14
Current release date: 2024-06-14
Generator: openEuler SA Tool V1.0, 2024-06-14

Synopsis

microcode_ctl security update

Description

microcode_ctl is a tool to transform and deploy microcode updates for x86 CPUs.

Security Fix(es):

Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-22655)

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2023-28746)

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2023-38575)

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. (CVE-2023-39368)

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-43490)

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733)

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-45745)

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2023-46103)

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-47855)

Topic

An update for microcode_ctl is now available for openEuler-24.03-LTS.

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: microcode_ctl

References

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1732
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-22655
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28746
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-38575
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-39368
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-43490
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45733
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45745
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-46103
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-47855
https://nvd.nist.gov/vuln/detail/CVE-2023-22655
https://nvd.nist.gov/vuln/detail/CVE-2023-28746
https://nvd.nist.gov/vuln/detail/CVE-2023-38575
https://nvd.nist.gov/vuln/detail/CVE-2023-39368
https://nvd.nist.gov/vuln/detail/CVE-2023-43490
https://nvd.nist.gov/vuln/detail/CVE-2023-45733
https://nvd.nist.gov/vuln/detail/CVE-2023-45745
https://nvd.nist.gov/vuln/detail/CVE-2023-46103
https://nvd.nist.gov/vuln/detail/CVE-2023-47855

Affected product and packages

Product: openEuler-24.03-LTS
Source package: microcode_ctl-20240531-1.oe2403.src.rpm
x86_64 package: microcode_ctl-20240531-1.oe2403.x86_64.rpm

Vulnerabilities

Every entry below has a release date of 2024-06-14, affects openEuler-24.03-LTS, and is remediated by the microcode_ctl security update dated 2024-06-14 (https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1732). The description of each CVE is given under Security Fix(es) above.

CVE             Severity  Score  Vector
CVE-2023-22655  Medium    6.1    AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
CVE-2023-28746  Medium    6.5    AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2023-38575  Medium    5.5    AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-39368  Medium    6.5    AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2023-43490  Medium    5.3    AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
CVE-2023-45733  Low       2.8    AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2023-45745  High      7.9    AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE-2023-46103  Medium    4.7    AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-47855  Medium    6.0    AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N