Opened 7 weeks ago
Closed 3 weeks ago
#19455 closed enhancement (fixed)
intel-microcode-20240312 (waiting for more info)
Reported by: | Xi Ruoyao | Owned by: | blfs-book |
---|---|---|---|
Priority: | elevated | Milestone: | 99-Waiting |
Component: | Errata | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
New release.
Security scores/fixes for
- 6.5 CVE-2023-39368 (denial of service via network access),
- 5.5 CVE-2023-38575 (information disclosure via local access),
- 6.5 CVE-2023-28746 (information disclosure via local access on some Atom processors, and E cores of Alder Lake & Raptor Lake processors),
- 6.1 CVE-2023-22655 (local privilege escalation with SGX or TDX), and
- 5.3 CVE-2023-43490 (information disclosure via local access with SGX). Note that SGX and TDX are unsupported on LFS at all.
Change History (10)
comment:1 by , 7 weeks ago
Component: | BOOK → Errata |
---|
comment:3 by , 6 weeks ago
Replying to Xi Ruoyao:
CVE-2023-28746 ("RFDS") fix needs a kernel update.
And oops, it also affects the E cores of Alder Lake and Raptor Lake.
comment:4 by , 6 weeks ago
Description: | modified (diff) |
---|
comment:5 by , 6 weeks ago
Description: | modified (diff) |
---|
Updated description format and added initial security scores there.
comment:6 by , 6 weeks ago
I'll issue an advisory for RFDS once we update to Linux 6.8.1 (lfs:#5453). Not sure about others...
comment:7 by , 6 weeks ago
Milestone: | 12.2 → 99-Waiting |
---|---|
Summary: | intel-microcode-20240312 → intel-microcode-20240312 (waiting for more info) |
SA 12.1-009 for RFDS.
For other vulnerabilities waiting for Intel to release more info.
comment:8 by , 3 weeks ago
The affected processor lists are long, thus I'll list them in "models" from lscpu output.
CVE-2023-39368 (INTEL-SA-00972) is affecting models 191, 190, 183 (only stepping 1, and except Xeon E processors), 154 (except Atom processors), 151, 143 (except "Sapphire Rapids Edge Enhanced" processors).
comment:9 by , 3 weeks ago
CVE-2023-38575 (INTEL-SA-00982) is affecting models 191, 183 (all), 154, 151, 143 (except "Sapphire Rapids Edge Enhanced" processors).
I've updated the book at r12.1-108-gd4208d0bc8 but some necessary information for the SA (mainly, the affected CPUs and if a kernel update is needed besides the microcode update) is not disclosed yet. Leaving this open for the SA.