SB2024122742 - Fedora 40 update for microcode_ctl

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Incorrect default permissions (CVE-ID: CVE-2024-21820)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX. A local user escalate privileges on the system.

2) Improper finite state machines in hardware logic (CVE-ID: CVE-2024-21853)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in hardware logic. A local unprivileged user can perform a denial of service (DoS) attack.

3) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2024-23918)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper error handling in Intel SGX. A local user can execute arbitrary code with elevated privileges.

4) Observable discrepancy (CVE-ID: CVE-2024-23984)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to observable discrepancy in Running Average Power Limit (RAPL) interface. A local privileged user can gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2024-d20a106350