Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.
Weakness
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xeon_gold_5315y_firmware | Intel | - (including) | - (including) |
| Intel-microcode | Ubuntu | bionic | * |
| Intel-microcode | Ubuntu | devel | * |
| Intel-microcode | Ubuntu | esm-infra-legacy/trusty | * |
| Intel-microcode | Ubuntu | esm-infra/bionic | * |
| Intel-microcode | Ubuntu | esm-infra/focal | * |
| Intel-microcode | Ubuntu | esm-infra/xenial | * |
| Intel-microcode | Ubuntu | focal | * |
| Intel-microcode | Ubuntu | jammy | * |
| Intel-microcode | Ubuntu | kinetic | * |
| Intel-microcode | Ubuntu | trusty | * |
| Intel-microcode | Ubuntu | trusty/esm | * |
| Intel-microcode | Ubuntu | xenial | * |
Potential Mitigations
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).