Bug 1224277 (CVE-2023-45733, CVE-2023-45745, CVE-2023-46103, CVE-2023-47855)

Summary: VUL-0: ucode-intel: 20240514 release
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Marcus Meissner <meissner>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/405831/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-45733:2.8:(AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) CVSSv3.1:SUSE:CVE-2023-45745:7.9:(AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) CVSSv3.1:SUSE:CVE-2023-46103:4.7:(AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) CVSSv3.1:SUSE:CVE-2023-47855:6.0:(AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2024-05-15 09:56:53 UTC
## [microcode-20240514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514)

### Purpose

- Security updates for [INTEL-SA-01051](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html)
- Security updates for [INTEL-SA-01052](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html)
- Security updates for [INTEL-SA-01036](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html)
- Update for functional issues. Refer to [5th Gen Intel® Xeon® Processor Scalable Family](https://cdrdv2.intel.com/v1/dl/getContent/793902) for details.
- Update for functional issues. Refer to [4th Gen Intel® Xeon® Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/772415) for details.
- Update for functional issues. Refer to [14th & 13th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel® Core™ Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [Intel® Processors and Intel® Core™ i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.

### New Platforms

| Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
|:---------------|:---------|:------------|:---------|:---------|:---------


### Updated Platforms

| Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL            | C0       | 06-97-02/07 | 00000034 | 00000035 | Core Gen12
| ADL            | H0       | 06-97-05/07 | 00000034 | 00000035 | Core Gen12
| ADL            | L0       | 06-9a-03/80 | 00000432 | 00000433 | Core Gen12
| ADL            | R0       | 06-9a-04/80 | 00000432 | 00000433 | Core Gen12
| ADL-N          | N0       | 06-be-00/11 | 00000015 | 00000017 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB            | A0       | 06-9a-04/40 | 00000005 | 00000007 | Intel(R) Atom(R) C1100
| AZB            | R0       | 06-9a-04/40 | 00000005 | 00000007 | Intel(R) Atom(R) C1100
| EMR-SP         | A0       | 06-cf-01/87 | 21000200 | 21000230 | Xeon Scalable Gen5
| EMR-SP         | A1       | 06-cf-02/87 | 21000200 | 21000230 | Xeon Scalable Gen5
| RPL-E/HX/S     | B0       | 06-b7-01/32 | 00000122 | 00000123 | Core Gen13/Gen14
| RPL-HX/S       | C0       | 06-bf-02/07 | 00000034 | 00000035 | Core Gen13/Gen14
| RPL-S          | H0       | 06-bf-05/07 | 00000034 | 00000035 | Core Gen13/Gen14
| SPR-HBM        | Bx       | 06-8f-08/10 | 2c000290 | 2c000390 | Xeon Max
| SPR-SP         | E2       | 06-8f-05/87 | 2b000590 | 2b0005c0 | Xeon Scalable Gen4
| SPR-SP         | E3       | 06-8f-06/87 | 2b000590 | 2b0005c0 | Xeon Scalable Gen4
| SPR-SP         | E4/S2    | 06-8f-07/87 | 2b000590 | 2b0005c0 | Xeon Scalable Gen4
| SPR-SP         | E5/S3    | 06-8f-08/87 | 2b000590 | 2b0005c0 | Xeon Scalable Gen4

Comment 1 Marcus Meissner 2024-05-15 09:57:36 UTC
Summary: 

A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability.
Vulnerability Details: 

CVEID:  CVE-2023-45733

Description: Hardware logic contains race conditions in some Intel® Processors may allow an authenticated user to potentially enable partial information disclosure via local access.

CVSS Base Score: 2.8 Low

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Comment 2 Marcus Meissner 2024-05-15 09:58:10 UTC
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html

Summary: 

A potential security vulnerability in Intel® Core™ Ultra Processors may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
Vulnerability Details: 

CVEID:  CVE-2023-46103

Description: Sequence of processor instructions leads to unexpected behavior in Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Comment 3 Marcus Meissner 2024-05-15 09:58:46 UTC
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html

Summary: 

Potential security vulnerabilities in some Intel® Trust Domain Extensions (TDX) module software may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
Vulnerability Details: 

CVEID:  CVE-2023-45745

Description: Improper input validation in some Intel® TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.9 High

CVSS Vector:  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N


CVEID:  CVE-2023-47855

Description: Improper input validation in some Intel® TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected Products:

Intel® TDX module software before version TDX_1.5.05.46.698.
Comment 5 Maintenance Automation 2024-05-20 08:30:10 UTC
SUSE-SU-2024:1684-1: An update that solves four vulnerabilities can now be installed.

Category: security (important)
Bug References: 1224277
CVE References: CVE-2023-45733, CVE-2023-45745, CVE-2023-46103, CVE-2023-47855
Maintenance Incident: [SUSE:Maintenance:33860](https://smelt.suse.de/incident/33860/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 ucode-intel-20240514-137.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 ucode-intel-20240514-137.1
SUSE Linux Enterprise Server 12 SP5 (src):
 ucode-intel-20240514-137.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Maintenance Automation 2024-05-23 20:30:03 UTC
SUSE-SU-2024:1771-1: An update that solves four vulnerabilities can now be installed.

Category: security (important)
Bug References: 1224277
CVE References: CVE-2023-45733, CVE-2023-45745, CVE-2023-46103, CVE-2023-47855
Maintenance Incident: [SUSE:Maintenance:33858](https://smelt.suse.de/incident/33858/)
Sources used:
openSUSE Leap Micro 5.3 (src):
 ucode-intel-20240514-150200.41.1
openSUSE Leap Micro 5.4 (src):
 ucode-intel-20240514-150200.41.1
openSUSE Leap 15.5 (src):
 ucode-intel-20240514-150200.41.1
openSUSE Leap 15.6 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro 5.3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro 5.4 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro 5.5 (src):
 ucode-intel-20240514-150200.41.1
Basesystem Module 15-SP5 (src):
 ucode-intel-20240514-150200.41.1
Basesystem Module 15-SP6 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src):
 ucode-intel-20240514-150200.41.1
SUSE Manager Proxy 4.3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Manager Retail Branch Server 4.3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Manager Server 4.3 (src):
 ucode-intel-20240514-150200.41.1
SUSE Enterprise Storage 7.1 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro 5.1 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro 5.2 (src):
 ucode-intel-20240514-150200.41.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 ucode-intel-20240514-150200.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.