SB2022051078 - Fedora 36 update for microcode_ctl

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2022-0005)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to sensitive information becomes accessible by physical probing of JTAG interface in the Intel Software Guard Extensions (SGX) Platform. An attacker with physical access to the affected device can gain access to sensitive data.

2) Improper access control (CVE-ID: CVE-2022-21131)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions. A local user can gain access to sensitive information.

3) Input validation error (CVE-ID: CVE-2022-21136)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local privileged user can perform a denial of service (DoS) attack.

4) Information disclosure (CVE-ID: CVE-2022-21151)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error during processor optimization removal or modification of security-critical code. A local privileged user can gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2022-688cbbf106