{"id":"MGASA-2024-0103","summary":"Updated microcode packages fix security vulnerabilities","details":"Protection mechanism failure in some 3rd and 4th Generation Intel(R)\nXeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a\nprivileged user to potentially enable escalation of privilege via local\naccess. (CVE-2023-22655)\nInformation exposure through microarchitectural state after transient\nexecution from some register files for some Intel(R) Atom(R) Processors\nmay allow an authenticated user to potentially enable information\ndisclosure via local access. (CVE-2023-28746)\nNon-transparent sharing of return predictor targets between contexts in\nsome Intel(R) Processors may allow an authorized user to potentially\nenable information disclosure via local access. (CVE-2023-38575)\nProtection mechanism failure of bus lock regulator for some Intel(R)\nProcessors may allow an unauthenticated user to potentially enable\ndenial of service via network access. (CVE-2023-39368)\nIncorrect calculation in microcode keying mechanism for some Intel(R)\nXeon(R) D Processors with Intel(R) SGX may allow a privileged user to\npotentially enable information disclosure via local access.\n(CVE-2023-43490)\n","modified":"2026-04-16T00:12:15.015824200Z","published":"2024-03-31T03:27:58Z","upstream":["CVE-2023-22655","CVE-2023-28746","CVE-2023-38575","CVE-2023-39368","CVE-2023-43490"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0103.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33015"},{"type":"WEB","url":"https://lwn.net/Articles/966603/"},{"type":"WEB","url":"https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312"}],"affected":[{"package":{"name":"microcode","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/microcode?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20240312-1.mga9.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0103.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}