Security update for ucode-intel

Announcement ID:	SUSE-SU-2023:0455-1
Rating:	important
References:	bsc#1208275 bsc#1208276 bsc#1208277
Cross-References:	CVE-2022-21216 CVE-2022-33196 CVE-2022-38090
CVSS scores:	CVE-2022-21216 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-21216 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-33196 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-33196 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-38090 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2022-38090 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

An update that solves three vulnerabilities can now be installed.

Description:

This update for ucode-intel fixes the following issues:

Updated to Intel CPU Microcode 20230214 release.

Security issues fixed:

• CVE-2022-38090: Security updates for INTEL-SA-00767 (bsc#1208275)
• CVE-2022-33196: Security updates for INTEL-SA-00738 (bsc#1208276)

• CVE-2022-21216: Security updates for INTEL-SA-00700 (bsc#1208277)

• New Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13

• Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-455=1
• SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-455=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-455=1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-455=1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-455=1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-455=1

Package List:

• SUSE OpenStack Cloud 9 (x86_64)
  • ucode-intel-debuginfo-20230214-13.104.1
  • ucode-intel-debugsource-20230214-13.104.1
  • ucode-intel-20230214-13.104.1
• SUSE OpenStack Cloud Crowbar 9 (x86_64)
  • ucode-intel-debuginfo-20230214-13.104.1
  • ucode-intel-debugsource-20230214-13.104.1
  • ucode-intel-20230214-13.104.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  • ucode-intel-debuginfo-20230214-13.104.1
  • ucode-intel-debugsource-20230214-13.104.1
  • ucode-intel-20230214-13.104.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  • ucode-intel-debuginfo-20230214-13.104.1
  • ucode-intel-debugsource-20230214-13.104.1
  • ucode-intel-20230214-13.104.1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64)
  • ucode-intel-debuginfo-20230214-13.104.1
  • ucode-intel-debugsource-20230214-13.104.1
  • ucode-intel-20230214-13.104.1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64)
  • ucode-intel-debuginfo-20230214-13.104.1
  • ucode-intel-debugsource-20230214-13.104.1
  • ucode-intel-20230214-13.104.1

References:

• https://www.suse.com/security/cve/CVE-2022-21216.html
• https://www.suse.com/security/cve/CVE-2022-33196.html
• https://www.suse.com/security/cve/CVE-2022-38090.html
• https://bugzilla.suse.com/show_bug.cgi?id=1208275
• https://bugzilla.suse.com/show_bug.cgi?id=1208276
• https://bugzilla.suse.com/show_bug.cgi?id=1208277