Intel Posts Updated CPU Microcode For Two More SGX Vulnerabilities, Privilege Escalation Bug
Patch Tuesday brought AMD disclosing a Ryzen Master security issue on Windows and the Cross-Thread Return Address Predictions bug requiring new handling by Linux's KVM. Over on the Intel side, the company has disclosed nearly three dozen new issues and, as a result, has also published new Linux CPU microcode files for its recent processors to address the disclosures.
The Valentine's Day disclosures can be found via the Intel Security Center and range from their ON Event Android app to QATzip to Iris Xe MAX driver issues on Windows to CPU issues.
Intel today published new CPU microcode for Linux users in response to three of the new vulnerability disclosures in particular:
INTEL-SA-00767 - "A potential security vulnerability in some Intel® Processors with Intel® Software Guard Extensions (SGX) may allow information disclosure... Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access."
INTEL-SA-00738 - "A potential security vulnerability in some Intel® Xeon® Processors with Intel® Software Guard Extensions (SGX) may allow escalation of privilege... Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access."
INTEL-SA-00700 - "A potential security vulnerability in some Intel® Atom® and Intel® Xeon® Scalable Processors may allow escalation of privilege... Insufficient granularity of access control in out-of-band management in some Intel(R) Atom® and Intel® Xeon® Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access."
The latter two have a CVSS base score of "high" while the first has a "medium" rating. These three advisories are what led to today's Intel CPU microcode updates for Linux users.
The Intel 20230214 microcode drop covers Intel Core Gen11 through Core Gen13 Raptor Lake, Xeon Scalable of all generations, select Pentium processors, Core Gen10 Mobile, Xeon D Ice Lake, and other select processors. This is also the first time the CPU microcode has seen updates for the new 4th Gen Xeon Scalable "Sapphire Rapids" processors, including the new Xeon CPU Max Series, and, on the client side, for Raptor Lake P / H / U.
The Intel 20230214 CPU microcode files should be working their way to Linux distribution stable release updates shortly, while those interested in fetching the new CPU microcode right away can find them via GitHub.