Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2960-1 Final 1 1 2022-08-31T11:11:56Z current 2022-08-31T11:11:56Z 2022-08-31T11:11:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2022-2960,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2022-2960,Image SLES15-SP4-SAP-Azure-LI-BYOS-2022-2960,Image SLES15-SP4-SAP-Azure-LI-BYOS-Production-2022-2960,Image SLES15-SP4-SAP-Azure-VLI-BYOS-2022-2960,Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production-2022-2960,Image SLES15-SP5-SAP-Azure-LI-BYOS-2022-2960,Image SLES15-SP5-SAP-Azure-LI-BYOS-Production-2022-2960,Image SLES15-SP5-SAP-Azure-VLI-BYOS-2022-2960,Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production-2022-2960,Image SLES15-SP6-SAP-Azure-LI-BYOS-2022-2960,Image SLES15-SP6-SAP-Azure-LI-BYOS-Production-2022-2960,Image SLES15-SP6-SAP-Azure-VLI-BYOS-2022-2960,Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production-2022-2960,Image SLES15-SP7-SAP-Azure-LI-BYOS-Production-2022-2960,Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production-2022-2960,SUSE-2022-2960,SUSE-SLE-Module-Basesystem-15-SP3-2022-2960,SUSE-SLE-Module-Basesystem-15-SP4-2022-2960,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2960,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2960,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2960,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2960,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2960,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2960,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2960,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2960,SUSE-SUSE-MicroOS-5.1-2022-2960,SUSE-SUSE-MicroOS-5.2-2022-2960,SUSE-Storage-7-2022-2960,openSUSE-SLE-15.3-2022-2960,openSUSE-SLE-15.4-2022-2960 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222960-1/ Link for SUSE-SU-2022:2960-1 https://lists.suse.com/pipermail/sle-security-updates/2022-August/012017.html E-Mail link for SUSE-SU-2022:2960-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1201727 SUSE Bug 1201727 https://www.suse.com/security/cve/CVE-2022-21233/ SUSE CVE CVE-2022-21233 page Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ucode-intel-20220809-150200.18.1 ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP4-SAP-Azure-LI-BYOS ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP4-SAP-Azure-LI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP4-SAP-Azure-VLI-BYOS ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP7-SAP-Azure-LI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production ucode-intel-20220809-150200.18.1 as a component of SUSE Enterprise Storage 7 ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise Micro 5.1 ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise Micro 5.2 ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS ucode-intel-20220809-150200.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 ucode-intel-20220809-150200.18.1 as a component of SUSE Manager Proxy 4.1 ucode-intel-20220809-150200.18.1 as a component of SUSE Manager Retail Branch Server 4.1 ucode-intel-20220809-150200.18.1 as a component of SUSE Manager Server 4.1 ucode-intel-20220809-150200.18.1 as a component of openSUSE Leap 15.3 ucode-intel-20220809-150200.18.1 as a component of openSUSE Leap 15.4 Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2022-21233 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP4-SAP-Azure-LI-BYOS:ucode-intel-20220809-150200.18.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS:ucode-intel-20220809-150200.18.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:ucode-intel-20220809-150200.18.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:ucode-intel-20220809-150200.18.1 Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP6-SAP-Azure-LI-BYOS:ucode-intel-20220809-150200.18.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS:ucode-intel-20220809-150200.18.1 Image SLES15-SP7-SAP-Azure-LI-BYOS-Production:ucode-intel-20220809-150200.18.1 Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production:ucode-intel-20220809-150200.18.1 SUSE Enterprise Storage 7:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise Micro 5.1:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise Micro 5.2:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise Server 15 SP2-BCL:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise Server 15 SP2-LTSS:ucode-intel-20220809-150200.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:ucode-intel-20220809-150200.18.1 SUSE Manager Proxy 4.1:ucode-intel-20220809-150200.18.1 SUSE Manager Retail Branch Server 4.1:ucode-intel-20220809-150200.18.1 SUSE Manager Server 4.1:ucode-intel-20220809-150200.18.1 openSUSE Leap 15.3:ucode-intel-20220809-150200.18.1 openSUSE Leap 15.4:ucode-intel-20220809-150200.18.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222960-1/ https://www.suse.com/security/cve/CVE-2022-21233.html CVE-2022-21233 https://bugzilla.suse.com/1201727 SUSE Bug 1201727