On Thu, Mar 16, 2023 at 04:06:29PM +0100, Tobias Frost wrote: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian....@packages.debian.org > Usertags: pu > X-Debbugs-Cc: intel-microc...@packages.debian.org, Salvatore Bonaccorso > <car...@debian.org> > Control: affects -1 + src:intel-microcode > > (Please refer to #1032847#12 for security team's feedback > that this should go through SPU.) > > The upload updates intel microcodes to target (See #1031334) > - INTEL-SA-00700: CVE-2022-21216 > - INTEL-SA-00730: CVE-2022-33972 > - INTEL-SA-00738: CVE-2022-33196 > - INTEL-SA-00767: CVE-2022-38090 > > the CVEs are information disclosure via local access vulnerbilities and > potential privilege escalations.
Note that speaking of fixed CVEs, for bullseye and older with the upload CVE-2022-21233 get fixed as well (this one was as well not warranting a DSA, it is as well SGX releated). Regards, Salvatore
