SUSE-SU-2023:0454-1: important: Security update for ucode-intel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Feb 20 17:19:51 UTC 2023


   SUSE Security Update: Security update for ucode-intel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0454-1
Rating:             important
References:         #1208275 #1208276 #1208277 
Cross-References:   CVE-2022-21216 CVE-2022-33196 CVE-2022-38090
                   
CVSS scores:
                    CVE-2022-21216 (NVD) : 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
                    CVE-2022-21216 (SUSE): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
                    CVE-2022-33196 (NVD) : 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
                    CVE-2022-33196 (SUSE): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
                    CVE-2022-38090 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-38090 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for ucode-intel fixes the following issues:

   Updated to Intel CPU Microcode 20230214 release.

   Security issues fixed:

   - CVE-2022-38090: Security updates for
   [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/ad
     visory/intel-sa-00767.html) (bsc#1208275)
   - CVE-2022-33196: Security updates for
   [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/ad
     visory/intel-sa-00738.html) (bsc#1208276)
   - CVE-2022-21216: Security updates for
   [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/ad
     visory/intel-sa-00700.html) (bsc#1208277)

   - New Platforms:

     | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  |
   Products
   |:---------------|:---------|:------------|:---------|:---------|:---------
    | SPR-SP         | E2       | 06-8f-05/87 |          | 2b000181 | Xeon
   Scalable Gen4 | SPR-SP         | E3       | 06-8f-06/87 |          |
   2b000181 | Xeon Scalable Gen4 | SPR-SP         | E4       | 06-8f-07/87
   |          | 2b000181 | Xeon Scalable Gen4 | SPR-SP         | E5       |
   06-8f-08/87 |          | 2b000181 | Xeon Scalable Gen4 | SPR-HBM        |
   B3       | 06-8f-08/10 |          | 2c000170 | Xeon Max | RPL-P 6+8      |
   J0       | 06-ba-02/07 |          | 0000410e | Core Gen13 | RPL-H 6+8
   | J0       | 06-ba-02/07 |          | 0000410e | Core Gen13 | RPL-U
   2+8      | Q0       | 06-ba-02/07 |          | 0000410e | Core Gen13

   - Updated Platforms:

     | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  |
   Products
   |:---------------|:---------|:------------|:---------|:---------|:---------
    | ADL            | C0       | 06-97-02/07 | 00000026 | 0000002c | Core
   Gen12 | ADL            | C0       | 06-97-05/07 | 00000026 | 0000002c |
   Core Gen12 | ADL            | C0       | 06-bf-02/07 | 00000026 | 0000002c
   | Core Gen12 | ADL            | C0       | 06-bf-05/07 | 00000026 |
   0000002c | Core Gen12 | ADL            | L0       | 06-9a-03/80 | 00000424
   | 00000429 | Core Gen12 | ADL            | L0       | 06-9a-04/80 |
   00000424 | 00000429 | Core Gen12 | CLX-SP         | B0       | 06-55-06/bf
   | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP         | B1       |
   06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP         |
   A1       | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 |
   GLK            | B0       | 06-7a-01/01 | 0000003c | 0000003e | Pentium
   Silver N/J5xxx, Celeron N/J4xxx | GLK-R          | R0       | 06-7a-08/01
   | 00000020 | 00000022 | Pentium J5040/N5030, Celeron
   J4125/J4025/N4020/N4120 | ICL-D          | B0       | 06-6c-01/10 |
   01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y        | D1       |
   06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP         |
   D0       | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 |
   JSL            | A0/A1    | 06-9c-00/01 | 24000023 | 24000024 | Pentium
   N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF            | B2/B3    |
   06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology |
   RKL-S          | B0       | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
   | RPL-S          | S0       | 06-b7-01/32 | 0000010e | 00000112 | Core
   Gen13 | SKX-SP         | B1       | 06-55-03/97 | 0100015e | 01000161 |
   Xeon Scalable


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-454=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-454=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-454=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      ucode-intel-20230214-150100.3.217.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      ucode-intel-20230214-150100.3.217.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      ucode-intel-20230214-150100.3.217.1

   - SUSE CaaS Platform 4.0 (x86_64):

      ucode-intel-20230214-150100.3.217.1


References:

   https://www.suse.com/security/cve/CVE-2022-21216.html
   https://www.suse.com/security/cve/CVE-2022-33196.html
   https://www.suse.com/security/cve/CVE-2022-38090.html
   https://bugzilla.suse.com/1208275
   https://bugzilla.suse.com/1208276
   https://bugzilla.suse.com/1208277



More information about the sle-security-updates mailing list