MGASA-2023-0244 - Updated microcode packages fix security vulnerability Publication date: 26 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0244.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-20593 Under specific microarchitectural circumstances, a register in "Zen 2"
CPUs may not be written to 0 correctly. This may cause data from another
process and/or thread to be stored in the YMM register, which may allow
an attacker to potentially access sensitive information (CVE-2023-20593,
also known as Zenbleed). This update adds the microcode for Amd Epyc gen 2 cpus. Other Zen 2 based
CPUs will get their microcode update at a later time when Amd has fixed
and validated the microcodes, see the referenced Amd url that has info
about estimated timelines for various CPUs. References:
- https://bugs.mageia.org/show_bug.cgi?id=32142
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593 SRPMS:
- 8/nonfree/microcode-0.20230613-2.mga8.nonfree
Support the originator by clicking the read the rest link below.
