Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0575-1 Final 1 1 2022-02-25T16:00:30Z current 2022-02-25T16:00:30Z 2022-02-25T16:00:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2022-575,SUSE-2022-575,SUSE-OpenStack-Cloud-8-2022-575,SUSE-OpenStack-Cloud-9-2022-575,SUSE-OpenStack-Cloud-Crowbar-8-2022-575,SUSE-OpenStack-Cloud-Crowbar-9-2022-575,SUSE-SLE-SAP-12-SP3-2022-575,SUSE-SLE-SAP-12-SP4-2022-575,SUSE-SLE-SERVER-12-SP2-BCL-2022-575,SUSE-SLE-SERVER-12-SP3-2022-575,SUSE-SLE-SERVER-12-SP3-BCL-2022-575,SUSE-SLE-SERVER-12-SP4-LTSS-2022-575 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220575-1/ Link for SUSE-SU-2022:0575-1 https://lists.suse.com/pipermail/sle-security-updates/2022-February/010308.html E-Mail link for SUSE-SU-2022:0575-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1192615 SUSE Bug 1192615 https://bugzilla.suse.com/1195779 SUSE Bug 1195779 https://bugzilla.suse.com/1195780 SUSE Bug 1195780 https://bugzilla.suse.com/1195781 SUSE Bug 1195781 https://www.suse.com/security/cve/CVE-2021-0127/ SUSE CVE CVE-2021-0127 page https://www.suse.com/security/cve/CVE-2021-0145/ SUSE CVE CVE-2021-0145 page https://www.suse.com/security/cve/CVE-2021-0146/ SUSE CVE CVE-2021-0146 page https://www.suse.com/security/cve/CVE-2021-33120/ SUSE CVE CVE-2021-33120 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ucode-intel-20220207-13.93.1 ucode-intel-20220207-13.93.1 as a component of HPE Helion OpenStack 8 ucode-intel-20220207-13.93.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL ucode-intel-20220207-13.93.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL ucode-intel-20220207-13.93.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS ucode-intel-20220207-13.93.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS ucode-intel-20220207-13.93.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 ucode-intel-20220207-13.93.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 ucode-intel-20220207-13.93.1 as a component of SUSE OpenStack Cloud 8 ucode-intel-20220207-13.93.1 as a component of SUSE OpenStack Cloud 9 ucode-intel-20220207-13.93.1 as a component of SUSE OpenStack Cloud Crowbar 8 ucode-intel-20220207-13.93.1 as a component of SUSE OpenStack Cloud Crowbar 9 Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. CVE-2021-0127 HPE Helion OpenStack 8:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 9:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 9:ucode-intel-20220207-13.93.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220575-1/ https://www.suse.com/security/cve/CVE-2021-0127.html CVE-2021-0127 https://bugzilla.suse.com/1195779 SUSE Bug 1195779 Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2021-0145 HPE Helion OpenStack 8:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 9:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 9:ucode-intel-20220207-13.93.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220575-1/ https://www.suse.com/security/cve/CVE-2021-0145.html CVE-2021-0145 https://bugzilla.suse.com/1195780 SUSE Bug 1195780 Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2021-0146 HPE Helion OpenStack 8:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 9:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 9:ucode-intel-20220207-13.93.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220575-1/ https://www.suse.com/security/cve/CVE-2021-0146.html CVE-2021-0146 https://bugzilla.suse.com/1192615 SUSE Bug 1192615 https://bugzilla.suse.com/1193500 SUSE Bug 1193500 https://bugzilla.suse.com/1200661 SUSE Bug 1200661 https://bugzilla.suse.com/1200663 SUSE Bug 1200663 https://bugzilla.suse.com/1205062 SUSE Bug 1205062 Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. CVE-2021-33120 HPE Helion OpenStack 8:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20220207-13.93.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud 9:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 8:ucode-intel-20220207-13.93.1 SUSE OpenStack Cloud Crowbar 9:ucode-intel-20220207-13.93.1 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220575-1/ https://www.suse.com/security/cve/CVE-2021-33120.html CVE-2021-33120 https://bugzilla.suse.com/1195781 SUSE Bug 1195781