Mageia alert MGASA-2024-0377 (microcode)

From:
             
 
Mageia Updates <updates-announce@ml.mageia.org>
To:
             
 
updates-announce@ml.mageia.org
Subject:
             
 
[updates-announce] MGASA-2024-0377: Updated microcode packages fix security vulnerabilities
Date:
             
 
Wed, 27 Nov 2024 20:59:51 +0100
Message-ID:
             
 
<20241127195951.C57AE9FE2E@duvel.mageia.org>
Archive-link:
             
 
Article
MGASA-2024-0377 - Updated microcode packages fix security vulnerabilities

Publication date: 27 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0377.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-21853,
     CVE-2024-23918,
     CVE-2024-21820

Description:
Improper Finite State Machines (FSMs) in the Hardware logic in some 4th
and 5th Generation Intel\xae Xeon\xae Processors may allow an authorized user
to potentially enable denial of service via local access.
(CVE-2024-21853)
Improper conditions check in some Intel\xae Xeon\xae processor memory
controller configurations when using Intel\xae SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
(CVE-2024-23918)
Incorrect default permissions in some Intel\xae Xeon\xae processor memory
controller configurations when using Intel\xae SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
(CVE-2024-21820)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33770
-
https://github.com/intel/Intel-Linux-Processor-Microcode-...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2...

SRPMS:
- 9/nonfree/microcode-0.20241112-1.mga9.nonfree