USN-5886-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5886-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5886-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5886-1

Related

Published

2023-02-27T05:12:38.619204Z

Modified

2023-02-27T05:12:38.619204Z

Summary

intel-microcode vulnerabilities

Details

Erik C. Bjorge discovered that some Intel(R) Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. (CVE-2022-21216)

Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel(R) Xeon(R) Processors used incorrect default permissions in some memory controller configurations when using Intel(R) Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges. (CVE-2022-33196)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable Processors did not properly calculate microkey keying. This may allow a privileged local user to potentially disclose information. (CVE-2022-33972)

Joseph Nuzman discovered that some Intel(R) Processors when using Intel(R) Software Guard Extensions did not properly isolate shared resources. This may allow a privileged local user to potentially disclose information. (CVE-2022-38090)

References

Affected packages

Ubuntu:Pro:16.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20230214.0ubuntu0.16.04.1+esm1

Affected versions

3.*

3.20150121.1

3.20151106.1

3.20170707.1~ubuntu16.04.0

3.20180108.0~ubuntu16.04.2

3.20180108.0+really20170707ubuntu16.04.1

3.20180312.0~ubuntu16.04.1

3.20180425.1~ubuntu0.16.04.1

3.20180425.1~ubuntu0.16.04.2

3.20180807a.0ubuntu0.16.04.1

3.20190514.0ubuntu0.16.04.1

3.20190514.0ubuntu0.16.04.2

3.20190618.0ubuntu0.16.04.1

3.20191112-0ubuntu0.16.04.2

3.20191115.1ubuntu0.16.04.1

3.20191115.1ubuntu0.16.04.2

3.20200609.0ubuntu0.16.04.0

3.20200609.0ubuntu0.16.04.1

3.20201110.0ubuntu0.16.04.1

3.20201110.0ubuntu0.16.04.2

3.20210216.0ubuntu0.16.04.1

3.20210608.0ubuntu0.16.04.1+esm1

3.20220510.0ubuntu0.16.04.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.20230214.0ubuntu0.16.04.1+esm1",
            "binary_name": "intel-microcode"
        }
    ]
}

Ubuntu:18.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20230214.0ubuntu0.18.04.1

Affected versions

3.*

3.20170707.1

3.20171117.1

3.20180108.1

3.20180108.1+really20171117.1

3.20180312.0~ubuntu18.04.1

3.20180425.1~ubuntu0.18.04.1

3.20180425.1~ubuntu0.18.04.2

3.20180807a.0ubuntu0.18.04.1

3.20190514.0ubuntu0.18.04.2

3.20190514.0ubuntu0.18.04.3

3.20190618.0ubuntu0.18.04.1

3.20191112-0ubuntu0.18.04.2

3.20191115.1ubuntu0.18.04.1

3.20191115.1ubuntu0.18.04.2

3.20200609.0ubuntu0.18.04.0

3.20200609.0ubuntu0.18.04.1

3.20201110.0ubuntu0.18.04.1

3.20201110.0ubuntu0.18.04.2

3.20210216.0ubuntu0.18.04.1

3.20210608.0ubuntu0.18.04.1

3.20220510.0ubuntu0.18.04.1

3.20220809.0ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20230214.0ubuntu0.18.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}

Ubuntu:20.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20230214.0ubuntu0.20.04.1

Affected versions

3.*

3.20190918.1ubuntu1

3.20191115.1ubuntu1

3.20191115.1ubuntu2

3.20191115.1ubuntu3

3.20200609.0ubuntu0.20.04.0

3.20200609.0ubuntu0.20.04.1

3.20200609.0ubuntu0.20.04.2

3.20201110.0ubuntu0.20.04.1

3.20201110.0ubuntu0.20.04.2

3.20210216.0ubuntu0.20.04.1

3.20210608.0ubuntu0.20.04.1

3.20220510.0ubuntu0.20.04.1

3.20220809.0ubuntu0.20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20230214.0ubuntu0.20.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}

Ubuntu:22.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20230214.0ubuntu0.22.04.1

Affected versions

3.*

3.20210608.2ubuntu1

3.20220510.0ubuntu0.22.04.1

3.20220809.0ubuntu0.22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20230214.0ubuntu0.22.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}