ALAS-2023-2195

Amazon Linux 2 Security Advisory: ALAS-2023-2195
Advisory Release Date: 2023-08-03 18:10 Pacific
Advisory Updated Date: 2025-03-07 23:16 Pacific

Severity: Medium

References: CVE-2022-40982 CVE-2023-23908
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-40982)

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908)

Affected Packages:

microcode_ctl

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update microcode_ctl to update your system.

New Packages:

i686:
    microcode_ctl-2.1-47.amzn2.1.15.i686
    microcode_ctl-debuginfo-2.1-47.amzn2.1.15.i686

src:
    microcode_ctl-2.1-47.amzn2.1.15.src

x86_64:
    microcode_ctl-2.1-47.amzn2.1.15.x86_64
    microcode_ctl-debuginfo-2.1-47.amzn2.1.15.x86_64

Changelog:

2025-03-07: CVE-2023-23908 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2022-40982, CVE-2023-23908

Mitre: CVE-2022-40982, CVE-2023-23908

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2023-2195

Additional References