intel-microcode: CVE-2023-43490 CVE-2023-39368 CVE-2023-38575 CVE-2023-22655 CVE-2023-28746


Debian Bug report logs - #1066108


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 12 Mar 2024 17:33:02 UTC

Severity: grave

Tags: security, upstream

Found in versions intel-microcode/3.20231114.1~deb11u1, intel-microcode/3.20231114.1~deb12u1, intel-microcode/3.20231114.1

Fixed in version intel-microcode/3.20240312.1

Done: Henrique de Moraes Holschuh <hmh@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>:
Bug#1066108; Package src:intel-microcode. (Tue, 12 Mar 2024 17:33:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>. (Tue, 12 Mar 2024 17:33:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: intel-microcode: CVE-2023-43490 CVE-2023-39368 CVE-2023-38575 CVE-2023-22655 CVE-2023-28746
Date: Tue, 12 Mar 2024 18:29:38 +0100
Source: intel-microcode
Version: 3.20231114.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 3.20231114.1~deb12u1
Control: found -1 3.20231114.1~deb11u1

Hi,

The following vulnerabilities were published for intel-microcode.

CVE-2023-43490[0], CVE-2023-39368[1], CVE-2023-38575[2],
CVE-2023-22655[3] and CVE-2023-28746[4].


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-43490
    https://www.cve.org/CVERecord?id=CVE-2023-43490
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
[1] https://security-tracker.debian.org/tracker/CVE-2023-39368
    https://www.cve.org/CVERecord?id=CVE-2023-39368
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
[2] https://security-tracker.debian.org/tracker/CVE-2023-38575
    https://www.cve.org/CVERecord?id=CVE-2023-38575
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
[3] https://security-tracker.debian.org/tracker/CVE-2023-22655
    https://www.cve.org/CVERecord?id=CVE-2023-22655
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
[4] https://security-tracker.debian.org/tracker/CVE-2023-28746
    https://www.cve.org/CVERecord?id=CVE-2023-28746
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html

I think we should do a classical top-down approach here, let it first
go through unstable. We can decide if we want to postpone it through
the point release afterwards or go via a point release.

Regards,
Salvatore



Marked as found in versions intel-microcode/3.20231114.1~deb12u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 12 Mar 2024 17:33:04 GMT)


Marked as found in versions intel-microcode/3.20231114.1~deb11u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 12 Mar 2024 17:33:04 GMT)


Added tag(s) pending. Request was from Henrique de Moraes Holschuh <hmh@debian.org> to control@bugs.debian.org. (Tue, 12 Mar 2024 23:39:02 GMT)


Reply sent to Henrique de Moraes Holschuh <hmh@debian.org>:
You have taken responsibility. (Wed, 13 Mar 2024 00:45:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 13 Mar 2024 00:45:05 GMT)


Message #16 received at 1066108-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1066108-close@bugs.debian.org
Subject: Bug#1066108: fixed in intel-microcode 3.20240312.1
Date: Wed, 13 Mar 2024 00:44:01 +0000
Source: intel-microcode
Source-Version: 3.20240312.1
Done: Henrique de Moraes Holschuh <hmh@debian.org>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1066108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <hmh@debian.org> (supplier of updated intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 12 Mar 2024 20:28:17 -0300
Source: intel-microcode
Architecture: source
Version: 3.20240312.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Closes: 1066108
Changes:
 intel-microcode (3.20240312.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240312 (closes: #1066108)
     - Mitigations for INTEL-SA-00972 (CVE-2023-39368):
       Protection mechanism failure of bus lock regulator for some Intel
       Processors may allow an unauthenticated user to potentially enable
       denial of service via network access.
     - Mitigations for INTEL-SA-00982 (CVE-2023-38575):
       Non-transparent sharing of return predictor targets between contexts in
       some Intel Processors may allow an authorized user to potentially
       enable information disclosure via local access.  Affects SGX as well.
     - Mitigations for INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
       Information exposure through microarchitectural state after transient
       execution from some register files for some Intel Atom Processors and
       E-cores of Intel Core Processors may allow an authenticated user to
       potentially enable information disclosure via local access.  Enhances
       VERW instruction to clear stale register buffers.  Affects SGX as well.
       Requires kernel update to be effective.
     - Mitigations for INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
       Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
       Processors when using Intel SGX or Intel TDX may allow a privileged
       user to potentially enable escalation of privilege via local access.
       NOTE: effective only when loaded by firmware.  Allows SMM firmware to
       attack SGX/TDX.
     - Mitigations for INTEL-SA-01045 (CVE-2023-43490):
       Incorrect calculation in microcode keying mechanism for some Intel
       Xeon D Processors with Intel SGX may allow a privileged user to
       potentially enable information disclosure via local access.
   * Fixes for other unspecified functional issues on many processors
   * Updated microcodes:
     sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
     sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
     sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
     sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
     sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
     sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
     sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
     sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
     sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
     sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
     sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
     sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
     sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
     sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
     sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
     sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
     sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
     sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
     sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
     sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
     sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
     sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
     sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
     sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
     sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
     sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
     sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
     sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
     sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
     sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
   * New microcodes:
     sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
     sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
     sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
   * source: update symlinks to reflect id of the latest release, 20240312
   * changelog, debian/changelog: fix typos

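The "Updated microcodes" table in the changelog above says which microcode revision each CPUID signature receives. The following is an added example, not part of this bug log or of the intel-microcode package: it parses such sig/rev lines, rebuilds the CPUID signature from the family/model/stepping fields that /proc/cpuinfo prints, and reports whether the loaded revision is at or above the listed one. Both the changelog excerpt and the /proc/cpuinfo text in the block are constructed sample inputs.

```python
"""Added example (not Debian's or Intel's tooling): is a CPU's loaded microcode
at or above the revision an intel-microcode changelog lists for its signature?"""
import re

# Constructed excerpt in the changelog's line format: sig, pf_mask, date, rev[, size].
CHANGELOG = """\
     sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
     sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
     sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
"""
# Constructed /proc/cpuinfo excerpt: family 6, model 154 (0x9a), stepping 3
# (signature 0x000906a3) still running microcode revision 0x430.
CPUINFO = """\
cpu family\t: 6
model\t\t: 154
stepping\t: 3
microcode\t: 0x430
"""
SIG_RE = re.compile(r"sig (0x[0-9a-f]+), pf_mask 0x[0-9a-f]+, \S+, rev (0x[0-9a-f]+)")

def parse_changelog(text):
    """Map CPUID signature -> highest microcode revision listed for it."""
    revs = {}
    for sig, rev in SIG_RE.findall(text):
        revs[int(sig, 16)] = max(int(rev, 16), revs.get(int(sig, 16), 0))
    return revs

def cpu_signature(family, model, stepping):
    """Rebuild CPUID(1).EAX from the combined family/model that /proc/cpuinfo
    prints (extended family in bits 20-27, extended model in bits 16-19)."""
    base_family = 0xF if family >= 0xF else family
    ext_model = model >> 4 if base_family in (6, 0xF) else 0
    return ((family - base_family) << 20) | (ext_model << 16) \
        | (base_family << 8) | ((model & 0xF) << 4) | stepping

def parse_cpuinfo(text):
    """Return (family, model, stepping, loaded microcode revision)."""
    f = dict(re.findall(r"^(cpu family|model|stepping|microcode)\s*:\s*(\S+)", text, re.M))
    return int(f["cpu family"]), int(f["model"]), int(f["stepping"]), int(f["microcode"], 16)

def check_microcode(cpuinfo_text, changelog_text):
    """Return (signature, required_rev, verdict).  pf_mask is not checked (the
    platform id is not in /proc/cpuinfo), and per the changelog RFDS also needs
    a kernel update before the enhanced VERW is used."""
    family, model, stepping, loaded = parse_cpuinfo(cpuinfo_text)
    sig = cpu_signature(family, model, stepping)
    required = parse_changelog(changelog_text).get(sig)
    if required is None:
        return sig, None, "not covered by this update"
    return sig, required, "up to date" if loaded >= required else "outdated"
```

On a real host, read /proc/cpuinfo and the package's changelog in place of the two constructed strings; a signature that is absent from the table is reported as not covered rather than as current.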



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Mar 13 11:51:33 2024; Machine Name: bembo
