Test ID:	1.3.6.1.4.1.25623.1.0.856739
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:4053-1)
Summary:	The remote host is missing an update for the 'ucode-intel' package(s) announced via the SUSE-SU-2024:4053-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ucode-intel' package(s) announced via the SUSE-SU-2024:4053-1 advisory. Vulnerability Insight: This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20241112 release (bsc#1233313) - CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. - CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. - Update for functional issues. New Platforms: Processor Stepping F-M-S/PI Old Ver New Ver Products :---------------:---------:------------:---------:---------:--------- Updated Platforms: Processor Stepping F-M-S/PI Old Ver New Ver Products :---------------:---------:------------:---------:---------:--------- ADL C0 06-97-02/07 00000036 00000037 Core Gen12 ADL H0 06-97-05/07 00000036 00000037 Core Gen12 ADL L0 06-9a-03/80 00000434 00000435 Core Gen12 ADL R0 06-9a-04/80 00000434 00000435 Core Gen12 EMR-SP A0 06-cf-01/87 21000230 21000283 Xeon Scalable Gen5 EMR-SP A1 06-cf-02/87 21000230 21000283 Xeon Scalable Gen5 MTL C0 06-aa-04/e6 0000001f 00000020 Core(tm) Ultra Processor RPL-H/P/PX 6+8 J0 06-ba-02/e0 00004122 00004123 Core Gen13 RPL-HX/S C0 06-bf-02/07 00000036 00000037 Core Gen13/Gen14 RPL-S H0 06-bf-05/07 00000036 00000037 Core Gen13/Gen14 RPL-U 2+8 Q0 06-ba-03/e0 00004122 00004123 Core Gen13 SPR-SP E3 06-8f-06/87 2b0005c0 2b000603 Xeon Scalable Gen4 SPR-SP E4/S2 06-8f-07/87 2b0005c0 2b000603 Xeon Scalable Gen4 ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'ucode-intel' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-21820 Common Vulnerability Exposure (CVE) ID: CVE-2024-21853 Common Vulnerability Exposure (CVE) ID: CVE-2024-23918 Common Vulnerability Exposure (CVE) ID: CVE-2024-23984 Common Vulnerability Exposure (CVE) ID: CVE-2024-24968
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.