{"id":"MGASA-2023-0244","summary":"Updated microcode packages fix security vulnerability","details":"Under specific microarchitectural circumstances, a register in \"Zen 2\"\nCPUs may not be written to 0 correctly. This may cause data from another\nprocess and/or thread to be stored in the YMM register, which may allow\nan attacker to potentially access sensitive information (CVE-2023-20593,\nalso known as Zenbleed).\n\nThis update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based\nCPUs will get their microcode update at a later time when Amd has fixed\nand validated the microcodes, see the referenced Amd url that has info\nabout estimated timelines for various CPUs.\n","modified":"2026-01-31T13:51:44.002383Z","published":"2023-07-26T22:07:49Z","related":["CVE-2023-20593"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0244.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32142"},{"type":"REPORT","url":"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html"}],"affected":[{"package":{"name":"microcode","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/microcode?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20230613-2.mga8.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0244.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}