{"id":"MGASA-2023-0249","summary":"Updated microcode packages fix security vulnerabilities","details":"This update adds initial microcode updates for AMD and Intel CPUs for the\nfollowing security issues:\n\n\nAMD:\nA side channel vulnerability in some of the AMD CPUs may allow an attacker\nto influence the return address prediction. This may result in speculative\nexecution at an attacker-controlled instruction pointer register,\npotentially leading to information disclosure (CVE-2023-20569).\n\n\nIntel:\nInformation exposure through microarchitectural state after transient\nexecution in certain vector execution units for some Intel(R) Processors\nmay allow an authenticated user to potentially enable information disclosure\nvia local access (CVE-2022-40982, INTEL-SA-00828).\n\nUnauthorized error injection in Intel(R) SGX or Intel(R) TDX for some \nIntel(R) Xeon(R) Processors may allow a privileged user to potentially\nenable escalation of privilege via local access (CVE-2022-41804,\nINTEL-SA-00837).\n\nImproper access control in some 3rd Generation Intel(R) Xeon(R) Scalable\nprocessors may allow a privileged user to potentially enable information\ndisclosure via local access (CVE-2023-23908, INTEL-SA-00836).\n","modified":"2026-02-04T02:59:04.709607Z","published":"2023-08-23T19:56:41Z","related":["CVE-2022-40982","CVE-2022-41804","CVE-2023-20569","CVE-2023-23908"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0249.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32167"},{"type":"REPORT","url":"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"},{"type":"REPORT","url":"https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808"},{"type":"REPORT","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"},{"type":"REPORT","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"},{"type":"REPORT","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"}],"affected":[{"package":{"name":"microcode","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/microcode?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20230808-2.mga8.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0249.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}