SUSE-SU-2023:0454-1: important: Security update for ucode-intel
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Mon Feb 20 17:19:50 UTC 2023
SUSE Security Update: Security update for ucode-intel
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0454-1
Rating: important
References: #1208275 #1208276 #1208277
Cross-References: CVE-2022-21216 CVE-2022-33196 CVE-2022-38090
CVSS scores:
CVE-2022-21216 (NVD) : 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
CVE-2022-21216 (SUSE): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
CVE-2022-33196 (NVD) : 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE-2022-33196 (SUSE): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE-2022-38090 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVE-2022-38090 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for
[INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/ad
visory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for
[INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/ad
visory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for
[INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/ad
visory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver |
Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon
Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | |
2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87
| | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 |
06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM |
B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 |
J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8
| J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U
2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver |
Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core
Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c |
Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c
| Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 |
0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424
| 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 |
00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf
| 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 |
06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP |
A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 |
GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium
Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01
| 00000020 | 00000022 | Pentium J5040/N5030, Celeron
J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 |
01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 |
06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP |
D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 |
JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium
N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 |
06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology |
RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core
Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 |
Xeon Scalable
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-454=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-454=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-454=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
ucode-intel-20230214-150100.3.217.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
ucode-intel-20230214-150100.3.217.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
ucode-intel-20230214-150100.3.217.1
- SUSE CaaS Platform 4.0 (x86_64):
ucode-intel-20230214-150100.3.217.1
References:
https://www.suse.com/security/cve/CVE-2022-21216.html
https://www.suse.com/security/cve/CVE-2022-33196.html
https://www.suse.com/security/cve/CVE-2022-38090.html
https://bugzilla.suse.com/1208275
https://bugzilla.suse.com/1208276
https://bugzilla.suse.com/1208277
More information about the sle-updates
mailing list