SB2023022707 - Ubuntu update for intel-microcode 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023022707

SB2023022707 - Ubuntu update for intel-microcode

Published: February 27, 2023

Security Bulletin ID SB2023022707
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Adjecent network
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2022-21216)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in out-of-band management in Intel processors. A remote privileged user on the local network can bypass implemented security restrictions and gain unauthorized access to the application.


2) Incorrect default permissions (CVE-ID: CVE-2022-33196)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for memory controller configurations for some Intel Xeon processors when using Intel Software Guard Extensions. A local user escalate privileges on the system.


3) Incorrect calculation (CVE-ID: CVE-2022-33972)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect calculation in microcode keying mechanism. A local user can gain access to sensitive information.


4) Improper isolation or compartmentalization (CVE-ID: CVE-2022-38090)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper isolation of shared resources in some Intel processors when using Intel Software Guard Extensions. A local user can gain access to sensitive information.


Remediation

Install update from vendor's website.

References