Category Archives: Advisories

microcode_ctl-2.1-51.fc36

Read Time:5 Minute, 17 Second

FEDORA-2022-688cbbf106

Packages in this update:

microcode_ctl-2.1-51.fc36

Update description:

Update to upstream 2.1-36. 20220510
Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-97-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at
revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) at revision 0x41c;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) at revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f;
Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up
to 0x90d;
Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode from revision
0xec up to 0xf0;
Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c
up to 0x100015d;
Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode from
revision 0x2006c0a up to 0x2006d05;
Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a
up to 0x4003302;
Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x500320a up to 0x5003302;
Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402
up to 0x7002501;
Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up
to 0x48;
Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode from
revision 0xec up to 0xf0;
Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up
to 0x38;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331
up to 0xd000363;
Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up
to 0x3a;
Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up
to 0x1e;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8
up to 0xb0;
Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up
to 0x31;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision
0x9a up to 0xa4;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up
to 0x26;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up
to 0x3e;
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xec
up to 0xf0;
Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision
0xec up to 0xf0;
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from
revision 0xec up to 0xf0;
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xec up
to 0xf0;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode from revision 0xec up to 0xf0;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up
to 0x16;
Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f
up to 0x24000023;
Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from
revision 0xec up to 0xf0;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xec
up to 0xf0;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision
0xec up to 0xf0;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up
to 0xf0;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec
up to 0xf0;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee
up to 0xf0;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea
up to 0xf0;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xec up to 0xf0;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up
to 0x53.
Addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151

Update to upstream 2.1-35. 20220419
Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up to 0x28.

Read More

microcode_ctl-2.1-47.3.fc35

Read Time:5 Minute, 17 Second

FEDORA-2022-9fdae2c607

Packages in this update:

microcode_ctl-2.1-47.3.fc35

Update description:

Update to upstream 2.1-36. 20220510
Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-97-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at
revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) at revision 0x41c;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) at revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f;
Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up
to 0x90d;
Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode from revision
0xec up to 0xf0;
Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c
up to 0x100015d;
Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode from
revision 0x2006c0a up to 0x2006d05;
Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a
up to 0x4003302;
Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x500320a up to 0x5003302;
Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402
up to 0x7002501;
Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up
to 0x48;
Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode from
revision 0xec up to 0xf0;
Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up
to 0x38;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331
up to 0xd000363;
Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up
to 0x3a;
Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up
to 0x1e;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8
up to 0xb0;
Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up
to 0x31;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision
0x9a up to 0xa4;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up
to 0x26;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up
to 0x3e;
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xec
up to 0xf0;
Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision
0xec up to 0xf0;
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from
revision 0xec up to 0xf0;
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xec up
to 0xf0;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode from revision 0xec up to 0xf0;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up
to 0x16;
Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f
up to 0x24000023;
Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from
revision 0xec up to 0xf0;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xec
up to 0xf0;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision
0xec up to 0xf0;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up
to 0xf0;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec
up to 0xf0;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee
up to 0xf0;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea
up to 0xf0;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xec up to 0xf0;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up
to 0x53.
Addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151

Update to upstream 2.1-35. 20220419
Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up to 0x28.

Read More

microcode_ctl-2.1-46.3.fc34

Read Time:5 Minute, 17 Second

FEDORA-2022-e718888c8b

Packages in this update:

microcode_ctl-2.1-46.3.fc34

Update description:

Update to upstream 2.1-36. 20220510
Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-97-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
at revision 0x1f;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at
revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) at revision 0x41c;
Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) at revision 0x41c;
Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
at revision 0x1f;
Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) at revision 0x1f;
Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
at revision 0x1f;
Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f;
Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up
to 0x90d;
Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode from revision
0xec up to 0xf0;
Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c
up to 0x100015d;
Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode from
revision 0x2006c0a up to 0x2006d05;
Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a
up to 0x4003302;
Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x500320a up to 0x5003302;
Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402
up to 0x7002501;
Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up
to 0x48;
Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode from
revision 0xec up to 0xf0;
Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up
to 0x38;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331
up to 0xd000363;
Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up
to 0x3a;
Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up
to 0x1e;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8
up to 0xb0;
Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up
to 0x31;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision
0x9a up to 0xa4;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up
to 0x26;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up
to 0x3e;
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xec
up to 0xf0;
Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision
0xec up to 0xf0;
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from
revision 0xec up to 0xf0;
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xec up
to 0xf0;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode from revision 0xec up to 0xf0;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up
to 0x16;
Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f
up to 0x24000023;
Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from
revision 0xec up to 0xf0;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xec
up to 0xf0;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision
0xec up to 0xf0;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision
0xec up to 0xf0;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up
to 0xf0;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec
up to 0xf0;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee
up to 0xf0;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea
up to 0xf0;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xec up to 0xf0;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up
to 0x53.
Addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151

Update to upstream 2.1-35. 20220419
Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up to 0x28.

Read More

Multiple Vulnerabilities in Google Chrome and Chrome OS Could Allow for Arbitrary Code Execution

Read Time:27 Second

Multiple vulnerabilities have been discovered in Google Chrome and Chrome OS, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Chrome OS is a proprietary Linux-based operating system designed by Google. It is derived from the open-source Chromium OS and uses the Google Chrome web browser as its principal user interface. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the application.

Read More

APT28 FancyBear / Code Execution

Read Time:20 Second

Posted by malvuln on May 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: APT28 FancyBear
Vulnerability: Code Execution
Description: FancyBear looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL execute our own
code, control and terminate the malware. The…

Read More

Defense in depth — the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe

Read Time:24 Second

Posted by Stefan Kanthak on May 10

Hi @ll,

the subject says it all: a 25 year old TRIVIAL signed integer
arithmetic bug (which may well have earned a PhD now) crashes
Windows’ command interpreter CMD.exe via its builtin SET command.
See their documentation:
<https://technet.microsoft.com/en-us/library/cc771320.aspx>
<https://technet.microsoft.com/en-us/library/cc754250.aspx>

Classification
~~~~~~~~~~~~~~

<https://cwe.mitre.org/data/definitions/190.html>…

Read More

USN-5409-1: libsndfile vulnerability

Read Time:16 Second

It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.

Read More