This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities. CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability which allows unprivileged speculative access to data which was previously stored in vector registers. For details please refer to /https://downfall.page> and https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>. CVE-2022-41804 Unauthorized error injection in Intel SGX or Intel TDX for some Intel Xeon Processors which may allow a local user to potentially escalate privileges. CVE-2023-23908 Improper access control in some 3rd Generation Intel Xeon Scalable processors may result in an information leak. For the oldstable distribution (bullseye), these problems have been fixed in version 3.20230808.1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 3.20230808.1~deb12u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode
This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities.
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability which allows unprivileged speculative access to data which was previously stored in vector registers.
For details please refer to /https://downfall.page> and https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>.
Unauthorized error injection in Intel SGX or Intel TDX for some Intel Xeon Processors which may allow a local user to potentially escalate privileges.
Improper access control in some 3rd Generation Intel Xeon Scalable processors may result in an information leak.
For the oldstable distribution (bullseye), these problems have been fixed in version 3.20230808.1~deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 3.20230808.1~deb12u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode