ALAS-2024-2682

2024-12-05: CVE-2024-21853 was added to this advisory.

2024-12-05: CVE-2024-21820 was added to this advisory.

2024-12-05: CVE-2024-23918 was added to this advisory.

Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-21820)

Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access. (CVE-2024-21853)

Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-23918)

NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
DEBIANBUG: [1081363] (CVE-2024-23984)

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853)

NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
DEBIANBUG: [1081363] (CVE-2024-24968)

Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24980)

i686:
    microcode_ctl-2.1-47.amzn2.4.22.i686
    microcode_ctl-debuginfo-2.1-47.amzn2.4.22.i686

src:
    microcode_ctl-2.1-47.amzn2.4.22.src

x86_64:
    microcode_ctl-2.1-47.amzn2.4.22.x86_64
    microcode_ctl-debuginfo-2.1-47.amzn2.4.22.x86_64