Amazon Linux 2 Security Advisory: ALAS-2022-1800
Advisory Release Date: 2022-05-31 23:50 Pacific
Advisory Updated Date: 2022-09-01 21:30 Pacific
A flaw was found in hw. Processor optimization removal or modification of security-critical code for some Intel(R) processors may potentially allow an authenticated user to enable information disclosure via local access. (CVE-2022-21151)
A flaw was found in hw. Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. (CVE-2022-21127)
References to CVE-2022-21127 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-05-31.
Affected Packages:
microcode_ctl
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update microcode_ctl to update your system.
i686:
microcode_ctl-2.1-47.amzn2.0.12.i686
microcode_ctl-debuginfo-2.1-47.amzn2.0.12.i686
src:
microcode_ctl-2.1-47.amzn2.0.12.src
x86_64:
microcode_ctl-2.1-47.amzn2.0.12.x86_64
microcode_ctl-debuginfo-2.1-47.amzn2.0.12.x86_64