update: intel-microcode and Kernel (downfall etc.)

[dongsupark]

Name: intel-microcode and Kernel
CVEs: CVE-2022-40982, CVE-2022-41804, CVE-2023-23908
CVSSs: 6.5, 6.7, 4.4
Action Needed:

• intel-microcode: update to >= 20230808_p20230804
• Kernel: update to >= 5.10.189, >= 5.15.125, >= 6.1.44

Summary:

• CVE-2022-40982: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
  • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
  • https://downfall.page/
• CVE-2022-41804: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors which may allow a privileged user to potentially enable escalation of privilege via local access.
  • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
• CVE-2023-23908: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
  • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html

refmap.gentoo: https://bugs.gentoo.org/911939

[krnowak]

Intel microcode part is covered by flatcar/scripts#1070.

[dongsupark]

Fixed in LTS 3033.3.17, Stable 3510.2.7, Beta 3602.1.5, Alpha 3717.0.0.