==========================================================================
Ubuntu Security Notice USN-7077-1
October 21, 2024

amd64-microcode vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 24.10
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary:

AMD processors may allow a privileged local attacker to further escalate their
privileged and execute arbitrary code within the processor’s firmware layer.

Software Description:

• amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs

Details:

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors
did not properly restrict access to the System Management Mode (SMM)
configuration when the SMM Lock was enabled. A privileged local attacker
could possibly use this issue to further escalate their privileges and
execute arbitrary code within the processor’s firmware layer.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
amd64-microcode 3.20240116.2+nmu1ubuntu1.1

Ubuntu 24.04 LTS
amd64-microcode 3.20231019.1ubuntu2.1

Ubuntu 22.04 LTS
amd64-microcode 3.20191218.1ubuntu2.3

Ubuntu 20.04 LTS
amd64-microcode 3.20191218.1ubuntu1.3

Ubuntu 18.04 LTS
amd64-microcode 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
amd64-microcode 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm3
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7077-1
CVE-2023-31315

Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20240116.2+nmu1ubuntu1.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20231019.1ubuntu2.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu2.3
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu1.3