Headline
Ubuntu Security Notice USN-5886-1
Ubuntu Security Notice 5886-1 - Erik C. Bjorge discovered that some Intel Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel Xeon Processors used incorrect default permissions in some memory controller configurations when using Intel Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges.
=========================================================================
Ubuntu Security Notice USN-5886-1
February 27, 2023
intel-microcode vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Intel Microcode.
Software Description:
- intel-microcode: Processor microcode for Intel CPUs
Details:
Erik C. Bjorge discovered that some Intel® Atom and Intel Xeon Scalable
Processors did not properly implement access controls for out-of-band
management. This may allow a privileged network-adjacent user to potentially
escalate privileges. (CVE-2022-21216)
Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju
Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson
discovered that some Intel® Xeon® Processors used incorrect default
permissions in some memory controller configurations when using Intel®
Software Guard Extensions. This may allow a privileged local user to potentially
escalate privileges. (CVE-2022-33196)
It was discovered that some 3rd Generation Intel® Xeon® Scalable Processors
did not properly calculate microkey keying. This may allow a privileged local
user to potentially disclose information. (CVE-2022-33972)
Joseph Nuzman discovered that some Intel® Processors when using Intel®
Software Guard Extensions did not properly isolate shared resources. This may
allow a privileged local user to potentially disclose
information. (CVE-2022-38090)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
intel-microcode 3.20230214.0ubuntu0.22.10.1
Ubuntu 22.04 LTS:
intel-microcode 3.20230214.0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
intel-microcode 3.20230214.0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
intel-microcode 3.20230214.0ubuntu0.18.04.1
Ubuntu 16.04 ESM:
intel-microcode 3.20230214.0ubuntu0.16.04.1+esm1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5886-1
CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090
Package Information:
https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.18.04.1
Related news
Red Hat Security Advisory 2023-5209-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21216: A flaw was found in the Linux kernel. A potential security vulnerability in some Intel(R) Atom(R) and Intel(R) Xeon(R) Scalable Processors may allow privilege escalation. This flaw may allow a privileged user to enable privilege escalation via adjacent network...
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.
Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.
Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access.