Ubuntu Security Notice USN-6797-1
Ubuntu Security Notice 6797-1 - It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. It was discovered that some Intel® Atom® Processors did not properly clear register state when performing various operations. A local attacker could use this to obtain sensitive information via a transient execution attack. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.
==========================================================================
Ubuntu Security Notice USN-6797-1
May 29, 2024

intel-microcode vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors
did not properly restrict access to certain hardware features when using
Intel® SGX or Intel® TDX. This may allow a privileged local user to
potentially further escalate their privileges on the system. This issue only
affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 16.04 LTS. (CVE-2023-22655)

It was discovered that some Intel® Atom® Processors did not properly clear
register state when performing various operations. A local attacker could
use this to obtain sensitive information via a transient execution attack.
This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-28746)

It was discovered that some Intel® Processors did not properly clear the
state of various hardware structures when switching execution contexts. A
local attacker could use this to access privileged information. This issue only
affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 16.04 LTS. (CVE-2023-38575)

It was discovered that some Intel® Processors did not properly enforce bus
lock regulator protections. A remote attacker could use this to cause a
denial of service. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-39368)

It was discovered that some Intel® Xeon® D Processors did not properly
calculate the SGX base key when using Intel® SGX. A privileged local
attacker could use this to obtain sensitive information. This issue only
affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 16.04 LTS. (CVE-2023-43490)

It was discovered that some Intel® Processors did not properly protect against
concurrent accesses. A local attacker could use this to obtain sensitive
information. (CVE-2023-45733)

It was discovered that some Intel® Processors TDX module software did not
properly validate input. A privileged local attacker could use this information
to potentially further escalate their privileges on the system.
(CVE-2023-45745, CVE-2023-47855)

It was discovered that some Intel® Core™ Ultra processors did not properly
handle particular instruction sequences. A local attacker could use this
issue to cause a denial of service. (CVE-2023-46103)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  intel-microcode                 3.20240514.0ubuntu0.24.04.1

Ubuntu 23.10
  intel-microcode                 3.20240514.0ubuntu0.23.10.1

Ubuntu 22.04 LTS
  intel-microcode                 3.20240514.0ubuntu0.22.04.1

Ubuntu 20.04 LTS
  intel-microcode                 3.20240514.0ubuntu0.20.04.1

Ubuntu 18.04 LTS
  intel-microcode                 3.20240514.0ubuntu0.18.04.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  intel-microcode                 3.20240514.0ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6797-1
  CVE-2023-22655, CVE-2023-28746, CVE-2023-38575, CVE-2023-39368,
  CVE-2023-43490, CVE-2023-45733, CVE-2023-45745, CVE-2023-46103,
  CVE-2023-47855

Package Information:
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240514.0ubuntu0.24.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240514.0ubuntu0.23.10.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240514.0ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240514.0ubuntu0.20.04.1

--
Alex Murray
Staff Engineer | Security Engineering
Adelaide, Australia (GMT+0930)
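A fleet check for the update instructions above, as an added example that is not part of the original notice: it compares each host's installed intel-microcode version with the fixed version for its release and flags hosts that upgraded but have not yet rebooted. The inventory rows, host names, timestamps and status labels are constructed for illustration, and the comparison is a reimplementation of dpkg's version ordering limited to versions without an epoch or "-" revision, which covers every version in this notice.

```python
import re
from itertools import zip_longest

# Fixed intel-microcode versions, copied from the notice's update instructions.
FIXED = {
    "24.04": "3.20240514.0ubuntu0.24.04.1",
    "23.10": "3.20240514.0ubuntu0.23.10.1",
    "22.04": "3.20240514.0ubuntu0.22.04.1",
    "20.04": "3.20240514.0ubuntu0.20.04.1",
    "18.04": "3.20240514.0ubuntu0.18.04.1+esm1",
    "16.04": "3.20240514.0ubuntu0.16.04.1+esm1",
}

def _order(c):
    if c in ("", "~"):
        return 0 if c == "" else -1
    return ord(c) if c.isalpha() else ord(c) + 256

def deb_cmp(a, b):
    """Compare as dpkg does ('~' < end < letters < symbols); returns -1, 0 or 1."""
    pa, pb = (re.findall(r"(\D*)(\d*)", v) for v in (a, b))
    for (na, da), (nb, db) in zip_longest(pa, pb, fillvalue=("", "")):
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def status(release, installed, upgraded_at, booted_at):
    fixed = FIXED.get(release)
    if fixed is None:
        return "release-not-in-notice"
    if deb_cmp(installed, fixed) < 0:
        return "needs-update"
    # Microcode is loaded at boot, so an upgrade after the last boot is not live yet.
    return "needs-reboot" if upgraded_at > booted_at else "ok"

# Constructed inventory rows: (host, release, installed version, upgrade time, boot time).
INVENTORY = [
    ("web-01", "22.04", "3.20240514.0ubuntu0.22.04.1", 1717000000, 1717003600),
    ("web-02", "22.04", "3.20240514.0ubuntu0.22.04.1", 1717000000, 1716000000),
    ("db-01", "18.04", "3.20240514.0ubuntu0.18.04.1", 1717000000, 1717003600),
    ("ci-01", "20.04", "3.20230101.0ubuntu0.20.04.1", 1690000000, 1717003600),
]

def audit(rows):
    return {host: status(rel, ver, up, boot) for host, rel, ver, up, boot in rows}

print(audit(INVENTORY))
```

The constructed db-01 row shows why a plain string or numeric comparison is not enough: a build without the +esm1 suffix sorts below the fixed 18.04 version and is reported as needing the update.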