SB2023090204 - openEuler 22.03 LTS SP2 update for microcode_ctl
Published: September 2, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Incorrect default permissions (CVE-ID: CVE-2022-33196)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for memory controller configurations for some Intel Xeon processors when using Intel Software Guard Extensions. A local user escalate privileges on the system.
2) Improper isolation or compartmentalization (CVE-ID: CVE-2022-38090)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper isolation of shared resources in some Intel processors when using Intel Software Guard Extensions. A local user can gain access to sensitive information.
3) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2022-40982)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.