Issued:

2024-10-03

Updated:

2024-10-03

RHEA-2024:7620 - microcode_ctl bug fix and enhancement update

Synopsis

microcode_ctl bug fix and enhancement update

Type/Severity

Product Enhancement Advisory None

Topic

An update for microcode_ctl is now available for Red Hat Enterprise Linux 9.

Description

The microcode_ctl packages provide microcode updates for Intel and AMD processors.

Bug Fix(es) and Enhancement(s):

• microcode_ctl: kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R) [rhel-9.4.0] (JIRA:RHEL-30860)

• microcode_ctl: kernel: Local information disclosure on Intel(R) Atom(R) processors [rhel-9.4.0] (JIRA:RHEL-30863)

• microcode_ctl: kernel: Local information disclosure in some Intel(R) processors [rhel-9.4.0] (JIRA:RHEL-30866)

• microcode_ctl: kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode [rhel-9.4.0] (JIRA:RHEL-30869)

• microcode_ctl: kernel: Possible Denial of Service on Intel(R) Processors [rhel-9.4.0] (JIRA:RHEL-30872)

• microcode_ctl: kernel: Local information disclosure on Intel(R) Atom(R) processors [rhel-9.4.z] (JIRA:RHEL-48717)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Updated Packages

• microcode_ctl-20230808-2.20240531.1.el9_4.src.rpm
• microcode_ctl-20230808-2.20240531.1.el9_4.noarch.rpm

Fixes

(none)

CVEs

• CVE-2023-22655
• CVE-2023-28746
• CVE-2023-38575
• CVE-2023-39368
• CVE-2023-43490
• CVE-2023-45733
• CVE-2023-46103

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.