[Bug 1984166] Re: Update to latest upstream 20220809 to fix CVE-2022-21233
Brian Murray
1984166 at bugs.launchpad.net
Tue Sep 13 17:27:50 UTC 2022
Was this supposed to also end up in -security? I ask as it isn't there.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1984166
Title:
Update to latest upstream 20220809 to fix CVE-2022-21233
Status in intel-microcode package in Ubuntu:
Fix Released
Status in intel-microcode source package in Bionic:
Fix Released
Status in intel-microcode source package in Focal:
Fix Released
Status in intel-microcode source package in Jammy:
Fix Released
Status in intel-microcode source package in Kinetic:
Fix Released
Bug description:
[Impact]
CVE-2022-21233
Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.
[Test Plan]
* install the updated intel-microcode packages and reboot the system
[Other Info]
Intel released microcode-20220809 release
(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-
Files/releases/tag/microcode-20220809)
to address vulnerability
- CVE-2022-21233 / intel-sa-00657
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1984166/+subscriptions
More information about the foundations-bugs
mailing list