microcode_ctl-20240910-1.el9

The microcode_ctl packages provide microcode updates for Intel and AMD processors.

Security Fix(es):

* kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R) (CVE-2023-22655)
* kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)
* kernel: Local information disclosure in some Intel(R) processors (CVE-2023-38575)
* kernel: Possible Denial of Service on Intel(R) Processors (CVE-2023-39368)
* kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode (CVE-2023-43490)
* intel-microcode: Race conditions in some Intel(R) Processors (CVE-2023-45733)
* intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors (CVE-2023-46103)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2023-22655
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28746
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-38575
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2023-39368
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2023-43490
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-45733
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
CVE-2023-46103
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.