Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6967-1

Ubuntu Security Notice 6967-1 - It was discovered that some Intel® Core™ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not correctly transition between the executive monitor and SMI transfer monitor. A privileged local attacker could use this to escalate their privileges.

Packet Storm
#vulnerability#ubuntu#dos#intel#perl#auth

==========================================================================
Ubuntu Security Notice USN-6967-1
August 19, 2024

intel-microcode vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:

  • intel-microcode: Processor microcode for Intel CPUs

Details:

It was discovered that some Intel® Core™ Ultra Processors did not properly
isolate the stream cache. A local authenticated user could potentially use
this to escalate their privileges. (CVE-2023-42667)

It was discovered that some Intel® Processors did not properly isolate the
stream cache. A local authenticated user could potentially use this to
escalate their privileges. (CVE-2023-49141)

It was discovered that some Intel® Processors did not correctly transition
between the executive monitor and SMI transfer monitor (STM). A privileged
local attacker could use this to escalate their privileges.
(CVE-2024-24853)

It was discovered that some 3rd, 4th, and 5th Generation Intel® Xeon®
Processors failed to properly implement a protection mechanism. A local
attacker could use this to potentially escalate their privileges.
(CVE-2024-24980)

It was discovered that some 3rd Generation Intel Xeon Scalable Processors
did not properly handle mirrored regions with different values. A
privileged local user could use this to cause a denial of service (system
crash). (CVE-2024-25939)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
intel-microcode 3.20240813.0ubuntu0.24.04.2

Ubuntu 22.04 LTS
intel-microcode 3.20240813.0ubuntu0.22.04.2

Ubuntu 20.04 LTS
intel-microcode 3.20240813.0ubuntu0.20.04.2

Ubuntu 18.04 LTS
intel-microcode 3.20240813.0ubuntu0.18.04.1+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
intel-microcode 3.20240813.0ubuntu0.16.04.1+esm2
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6967-1
CVE-2023-42667, CVE-2023-49141, CVE-2024-24853, CVE-2024-24980,
CVE-2024-25939

Package Information:
https://launchpad.net/ubuntu/+source/intel-microcode/3.20240813.0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/intel-microcode/3.20240813.0ubuntu0.22.04.2
https://launchpad.net/ubuntu/+source/intel-microcode/3.20240813.0ubuntu0.20.04.2

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution