Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
Intel Releases New CPU Microcode For Latest Security Advisory (CVE-2022-21151)
Yielding the new CPU microcode drop today is INTEL-SA-000617 / CVE-2022-21151. This "medium" rated security advisory is due to a security issue with some Intel CPUs that could lead to information disclosure via local access. The issue is described as "Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." The new CPU microcode published today takes care of that problem.
The Intel for Linux 20220510 microcode release in addition to that security fix has various functional issues resolved too. This is their first Linux microcode CPU drop for Alder Lake processors while the updated CPU platforms range from Skylake and Valley View through Rocket Lake and Tiger Lake.
The updated Intel CPU microcode for Linux users can be found via GitHub while Windows users will likely find the microcode update coming down soon via a Windows update and/or via BIOS updates from motherboard vendors.
The other new security advisories issued today can be found via the Intel Security Center including two Xeon local information disclosures also mitigated by the new firmware, Boot Guard, a potential denial of sertvice with the Intel SGX kernel drivers, and more.
There is also a Processor Speculative Cross Store Bypass Advisory for a "behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access" while this advisory is rated low. Intel is recommending potential gadgets utilize a load fence (LFENCE) after loads that should observe writes from another thread to the same shared memory address.