Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-7077-1

Ubuntu Security Notice 7077-1 - Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor’s firmware layer.

Packet Storm
#vulnerability#ubuntu#perl#amd

==========================================================================
Ubuntu Security Notice USN-7077-1
October 21, 2024

amd64-microcode vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.10
  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

AMD processors may allow a privileged local attacker to further escalate their
privileged and execute arbitrary code within the processor’s firmware layer.

Software Description:

  • amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs

Details:

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors
did not properly restrict access to the System Management Mode (SMM)
configuration when the SMM Lock was enabled. A privileged local attacker
could possibly use this issue to further escalate their privileges and
execute arbitrary code within the processor’s firmware layer.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
amd64-microcode 3.20240116.2+nmu1ubuntu1.1

Ubuntu 24.04 LTS
amd64-microcode 3.20231019.1ubuntu2.1

Ubuntu 22.04 LTS
amd64-microcode 3.20191218.1ubuntu2.3

Ubuntu 20.04 LTS
amd64-microcode 3.20191218.1ubuntu1.3

Ubuntu 18.04 LTS
amd64-microcode 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
amd64-microcode 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm3
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7077-1
CVE-2023-31315

Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20240116.2+nmu1ubuntu1.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20231019.1ubuntu2.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu2.3
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu1.3

Related news

Red Hat Security Advisory 2024-5982-03

Red Hat Security Advisory 2024-5982-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a bypass vulnerability.

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution