Security update for kernel-firmware SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2944-1 Final 1 1 2024-08-16T11:08:39Z current 2024-08-16T11:08:39Z 2024-08-16T11:08:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kernel-firmware This update for kernel-firmware fixes the following issues: - CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2944,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2944,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2944,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2944 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242944-1/ Link for SUSE-SU-2024:2944-1 https://lists.suse.com/pipermail/sle-updates/2024-August/036480.html E-Mail link for SUSE-SU-2024:2944-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1229069 SUSE Bug 1229069 https://www.suse.com/security/cve/CVE-2023-31315/ SUSE CVE CVE-2023-31315 page SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 kernel-firmware-20200107-150100.3.43.1 ucode-amd-20200107-150100.3.43.1 kernel-firmware-20200107-150100.3.43.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS ucode-amd-20200107-150100.3.43.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS kernel-firmware-20200107-150100.3.43.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS ucode-amd-20200107-150100.3.43.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS kernel-firmware-20200107-150100.3.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 ucode-amd-20200107-150100.3.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. CVE-2023-31315 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:kernel-firmware-20200107-150100.3.43.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:ucode-amd-20200107-150100.3.43.1 SUSE Linux Enterprise Server 15 SP2-LTSS:kernel-firmware-20200107-150100.3.43.1 SUSE Linux Enterprise Server 15 SP2-LTSS:ucode-amd-20200107-150100.3.43.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:kernel-firmware-20200107-150100.3.43.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:ucode-amd-20200107-150100.3.43.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242944-1/ https://www.suse.com/security/cve/CVE-2023-31315.html CVE-2023-31315 https://bugzilla.suse.com/1229069 SUSE Bug 1229069