[Bug 1984166] [NEW] Update to latest upstream 20220809 to fix CVE-2022-21233

King Li 1984166 at bugs.launchpad.net
Wed Aug 10 08:31:41 UTC 2022 

Public bug reported:

[Impact]

CVE-2022-21233
Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.

[Test Plan]

 * install the updated intel-microcode packages and reboot the system

[Other Info]

Intel released microcode-20220809 release
(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-
Files/releases/tag/microcode-20220809)

to address vulnerability

- CVE-2022-21233 / intel-sa-00657

** Affects: intel-microcode (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public

** Description changed:

  [Impact]
  
  CVE-2022-21233
  Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.
  
  [Test Plan]
  
-  * install the updated intel-microcode packages and reboot the system
+  * install the updated intel-microcode packages and reboot the system
  
  [Other Info]
  
- Intel released
- 
- microcode-20220809 release (https://github.com/intel/Intel-Linux-
- Processor-Microcode-Data-Files/releases/tag/microcode-20220809)
+ Intel released microcode-20220809 release
+ (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-
+ Files/releases/tag/microcode-20220809)
  
  to address vulnerability
  
  - CVE-2022-21233 / intel-sa-00657

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1984166

Title:
  Update to latest upstream 20220809 to fix CVE-2022-21233

Status in intel-microcode package in Ubuntu:
  New

Bug description:
  [Impact]

  CVE-2022-21233
  Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.

  [Test Plan]

   * install the updated intel-microcode packages and reboot the system

  [Other Info]

  Intel released microcode-20220809 release
  (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-
  Files/releases/tag/microcode-20220809)

  to address vulnerability

  - CVE-2022-21233 / intel-sa-00657

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1984166/+subscriptions

More information about the foundations-bugs mailing list