Intel Releases 20220207 Microcode For Linux Users To Provide Important Security Fixes
Over on the Intel Security Center are their round of security bulletins for this "patch Tuesday" and their first big batch of security disclosures since November. There are advisories issued ranging from their Intel Smart Campus and Capital Global Summit Android apps to various processor and BIOS disclosures.
Intel simultaneously released Intel CPU microcode for Linux 20220207 that contains the updated CPU microcode going back to 6th Gen Core CPUs.
There are two primary CPU security updates with the new microcode releases. Intel SA-00528 is a "7.1 High" CVSS scoring vulnerability that could lead to privilege escalation for users with local access to the system. The escalation comes from a bad actor being able to make use of test/debug logic of select Intel processors to allow an unauthenticated local user potentially escalating privileges. Fortunately the vulnerable CPUs there is rather limited to lower-end Pentium and Atom parts. The broader security issue being addressed is Intel SA-00532 that could lead to a denial of service by authenticated users due to insufficient control flow management. That "5.6 medium" CVSS score vulnerability affects CPUs going back to 6th Gen Core.
Plus the new microcode has updates for various functional issues on various generations of Intel Core and Xeon CPUs. If keeping up with your system firmware updates, some systems have already been shipping the new Intel CPU microcode since last month. Fortunately, from prior testing at least on the select hardware locally already having seen updated CPU microcode, this round of microcode updates doesn't appear to have any detrimental impact on performance but will test now with other generations of Intel CPUs to confirm.