MGASA-2023-0244

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0244.html

Import Source

https://advisories.mageia.org/MGASA-2023-0244.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2023-0244

Related

CVE-2023-20593

Published

2023-07-26T22:07:49Z

Modified

2023-07-26T20:58:12Z

Summary

Updated microcode packages fix security vulnerability

Details

Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information (CVE-2023-20593, also known as Zenbleed).

This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based CPUs will get their microcode update at a later time when Amd has fixed and validated the microcodes, see the referenced Amd url that has info about estimated timelines for various CPUs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / microcode

Package

Name: microcode
Purl: pkg:rpm/mageia/microcode?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.20230613-2.mga8.nonfree

Ecosystem specific

{
    "section": "nonfree"
}