[Bug 1984166] Update Released
Chris Halse Rogers
1984166 at bugs.launchpad.net
Mon Sep 12 04:26:33 UTC 2022
The verification of the Stable Release Update for intel-microcode has
completed successfully and the package is now being released to
-updates. Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1984166
Title:
Update to latest upstream 20220809 to fix CVE-2022-21233
Status in intel-microcode package in Ubuntu:
Fix Released
Status in intel-microcode source package in Bionic:
Fix Released
Status in intel-microcode source package in Focal:
Fix Released
Status in intel-microcode source package in Jammy:
Fix Released
Status in intel-microcode source package in Kinetic:
Fix Released
Bug description:
[Impact]
CVE-2022-21233
Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.
[Test Plan]
* install the updated intel-microcode packages and reboot the system
[Other Info]
Intel released microcode-20220809 release
(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-
Files/releases/tag/microcode-20220809)
to address vulnerability
- CVE-2022-21233 / intel-sa-00657
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1984166/+subscriptions
More information about the foundations-bugs
mailing list