On Thu, Mar 16, 2023 at 04:06:29PM +0100, Tobias Frost wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: intel-microc...@packages.debian.org, Salvatore Bonaccorso 
> <car...@debian.org>
> Control: affects -1 + src:intel-microcode
> 
> (Please refer to #1032847#12 for security team's feedback
> that this should go through SPU.)
> 
> The upload updates intel microcodes to target (See #1031334)
>        - INTEL-SA-00700: CVE-2022-21216
>        - INTEL-SA-00730: CVE-2022-33972
>        - INTEL-SA-00738: CVE-2022-33196
>        - INTEL-SA-00767: CVE-2022-38090
> 
> the CVEs are information disclosure via local access vulnerbilities and
> potential privilege escalations.

Note that speaking of fixed CVEs, for bullseye and older with the
upload CVE-2022-21233 get fixed as well (this one was as well not
warranting a DSA, it is as well SGX releated).

Regards,
Salvatore

Reply via email to