Amazon Linux 2022 Security Advisory: ALAS-2022-070
Advisory Release Date: 2022-05-18 00:25 Pacific
Advisory Updated Date: 2022-05-19 18:15 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. (CVE-2022-0005)
A flaw was found in hw. Improper access control for some Intel(R) Xeon(R) processors may potentially allow an authenticated user to enable information disclosure via local access. (CVE-2022-21131)
A flaw was found in hw. Improper input validation for some Intel(R) Xeon(R) processors may allow a privileged user to enable a denial of service via local access. (CVE-2022-21136)
A flaw was found in hw. Processor optimization removal or modification of security-critical code for some Intel(R) processors may potentially allow an authenticated user to enable information disclosure via local access. (CVE-2022-21151)
Affected Packages:
microcode_ctl
Issue Correction:
Run dnf update --releasever=2022.0.20220518 microcode_ctl to update your system.
src:
microcode_ctl-2.1-51.amzn2022.src
x86_64:
microcode_ctl-2.1-51.amzn2022.x86_64