Red Hat Product Errata RHSA-2024:9401 - Security Advisory
Issued:
2024-11-12
Updated:
2024-11-12

RHSA-2024:9401 - Security Advisory

Synopsis

Moderate: microcode_ctl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for microcode_ctl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The microcode_ctl packages provide microcode updates for Intel and AMD processors.

Security Fix(es):

  • kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R) (CVE-2023-22655)
  • kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)
  • kernel: Local information disclosure in some Intel(R) processors (CVE-2023-38575)
  • kernel: Possible Denial of Service on Intel(R) Processors (CVE-2023-39368)
  • kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode (CVE-2023-43490)
  • intel-microcode: Race conditions in some Intel(R) Processors (CVE-2023-45733)
  • intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors (CVE-2023-46103)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64

Fixes

  • BZ - 2270698 - CVE-2023-22655 kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)
  • BZ - 2270700 - CVE-2023-28746 kernel: Local information disclosure on Intel(R) Atom(R) processors
  • BZ - 2270701 - CVE-2023-38575 kernel: Local information disclosure in some Intel(R) processors
  • BZ - 2270703 - CVE-2023-39368 kernel: Possible Denial of Service on Intel(R) Processors
  • BZ - 2270704 - CVE-2023-43490 kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode
  • BZ - 2292296 - CVE-2023-45733 intel-microcode: Race conditions in some Intel(R) Processors
  • BZ - 2292300 - CVE-2023-46103 intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors

Red Hat Enterprise Linux for x86_64 9

SRPM
microcode_ctl-20240910-1.el9_5.src.rpm SHA-256: 6c9d99ec6139e7220e5fa48f26dd1718325adb7fe33b2bcdddb998c0278cffd4
x86_64
microcode_ctl-20240910-1.el9_5.noarch.rpm SHA-256: fb5572a3ac35faa3c7a5f029ac8010186a4e1c3e802b5ce0519069426d98522e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.