update: intel-microcode
dongsupark opened this issue · comments
Dongsu Park commented
Name: intel-microcode
CVEs: CVE-2023-45733, CVE-2023-45745, CVE-2023-46103, CVE-2023-47855
CVSSs: 2.8, 7.9, 4.7, 6.0
Action Needed: update to >= 20240514
Summary:
- CVE-2023-45733: Hardware logic contains race conditions in some Intel® Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
- CVE-2023-45745: Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-46103: Sequence of processor instructions leads to unexpected behavior in Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2023-47855: Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
refmap.gentoo: TBD