Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1684-1 Final 1 1 2024-05-18T17:58:41Z current 2024-05-18T17:58:41Z 2024-05-18T17:58:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed a potential security vulnerability in some Intel® Processors that may have allowed information disclosure. - CVE-2023-46103: Fixed a potential security vulnerability in Intel® Core™ Ultra Processors that may have allowed denial of service. - CVE-2023-45745,CVE-2023-47855: Fixed a potential security vulnerabilities in some Intel® Trust Domain Extensions (TDX) module software that may have allowed escalation of privilege. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-1684,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-1684,SUSE-2024-1684,SUSE-SLE-SERVER-12-SP5-2024-1684 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241684-1/ Link for SUSE-SU-2024:1684-1 https://lists.suse.com/pipermail/sle-security-updates/2024-May/018548.html E-Mail link for SUSE-SU-2024:1684-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224277 SUSE Bug 1224277 https://www.suse.com/security/cve/CVE-2023-45733/ SUSE CVE CVE-2023-45733 page https://www.suse.com/security/cve/CVE-2023-45745/ SUSE CVE CVE-2023-45745 page https://www.suse.com/security/cve/CVE-2023-46103/ SUSE CVE CVE-2023-46103 page https://www.suse.com/security/cve/CVE-2023-47855/ SUSE CVE CVE-2023-47855 page Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 ucode-intel-20240514-137.1 ucode-intel-20240514-137.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production ucode-intel-20240514-137.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production ucode-intel-20240514-137.1 as a component of SUSE Linux Enterprise Server 12 SP5 ucode-intel-20240514-137.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. CVE-2023-45733 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ucode-intel-20240514-137.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server 12 SP5:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20240514-137.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241684-1/ https://www.suse.com/security/cve/CVE-2023-45733.html CVE-2023-45733 https://bugzilla.suse.com/1224277 SUSE Bug 1224277 Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-45745 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ucode-intel-20240514-137.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server 12 SP5:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20240514-137.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241684-1/ https://www.suse.com/security/cve/CVE-2023-45745.html CVE-2023-45745 https://bugzilla.suse.com/1224277 SUSE Bug 1224277 Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2023-46103 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ucode-intel-20240514-137.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server 12 SP5:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20240514-137.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241684-1/ https://www.suse.com/security/cve/CVE-2023-46103.html CVE-2023-46103 https://bugzilla.suse.com/1224277 SUSE Bug 1224277 Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-47855 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ucode-intel-20240514-137.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server 12 SP5:ucode-intel-20240514-137.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20240514-137.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241684-1/ https://www.suse.com/security/cve/CVE-2023-47855.html CVE-2023-47855 https://bugzilla.suse.com/1224277 SUSE Bug 1224277