[Bug 1984166] Re: Update to latest upstream 20220809 to fix CVE-2022-21233
King Li
1984166 at bugs.launchpad.net
Thu Aug 11 06:54:48 UTC 2022
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21233
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1984166
Title:
Update to latest upstream 20220809 to fix CVE-2022-21233
Status in intel-microcode package in Ubuntu:
Confirmed
Status in intel-microcode source package in Bionic:
New
Status in intel-microcode source package in Focal:
New
Status in intel-microcode source package in Jammy:
New
Bug description:
[Impact]
CVE-2022-21233
Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.
[Test Plan]
* install the updated intel-microcode packages and reboot the system
[Other Info]
Intel released microcode-20220809 release
(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-
Files/releases/tag/microcode-20220809)
to address vulnerability
- CVE-2022-21233 / intel-sa-00657
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1984166/+subscriptions
More information about the foundations-bugs
mailing list