First published: Tue Jul 25 2023(Updated: )
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/amd64-microcode | <3.20220411.1ubuntu3.1 | 3.20220411.1ubuntu3.1 |
=23.04 | ||
All of | ||
ubuntu/amd64-microcode | <3.20191218.1ubuntu2.1 | 3.20191218.1ubuntu2.1 |
=22.04 | ||
All of | ||
ubuntu/amd64-microcode | <3.20191218.1ubuntu1.1 | 3.20191218.1ubuntu1.1 |
=20.04 | ||
All of | ||
ubuntu/amd64-microcode | <3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm1 | 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm1 |
=18.04 | ||
All of | ||
ubuntu/amd64-microcode | <3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm1 | 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm1 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
USN-6244-1 is a security vulnerability in AMD microcode that could allow a local attacker to expose sensitive information.
The AMD Microcode vulnerability occurs when certain vector register instructions are not properly handled during speculative execution, allowing a local attacker to expose sensitive information.
Systems running Ubuntu 23.04, 22.04, 20.04, 18.04, and 16.04 with specific versions of the amd64-microcode package are affected by the AMD Microcode vulnerability.
To fix the AMD Microcode vulnerability, update the amd64-microcode package to version 3.20220411.1ubuntu3.1 (for Ubuntu 23.04), 3.20191218.1ubuntu2.1 (for Ubuntu 22.04), 3.20191218.1ubuntu1.1 (for Ubuntu 20.04), 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm1 (for Ubuntu 18.04), or 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm1 (for Ubuntu 16.04).
More information about the AMD Microcode vulnerability can be found at the following references: USN-6315-1, USN-6316-1, and CVE-2023-20593.