Security update for ucode-intel

Announcement ID:	SUSE-SU-2023:0454-1
Rating:	important
References:	bsc#1208275 bsc#1208276 bsc#1208277
Cross-References:	CVE-2022-21216 CVE-2022-33196 CVE-2022-38090
CVSS scores:	CVE-2022-21216 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-21216 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVE-2022-33196 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-33196 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2022-38090 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2022-38090 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:	SUSE CaaS Platform 4.0 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves three vulnerabilities can now be installed.

Description:

This update for ucode-intel fixes the following issues:

Updated to Intel CPU Microcode 20230214 release.

Security issues fixed:

• CVE-2022-38090: Security updates for INTEL-SA-00767 (bsc#1208275)
• CVE-2022-33196: Security updates for INTEL-SA-00738 (bsc#1208276)

• CVE-2022-21216: Security updates for INTEL-SA-00700 (bsc#1208277)

• New Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13

• Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-454=1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-454=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-454=1
• SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  • ucode-intel-20230214-150100.3.217.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  • ucode-intel-20230214-150100.3.217.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  • ucode-intel-20230214-150100.3.217.1
• SUSE CaaS Platform 4.0 (x86_64)
  • ucode-intel-20230214-150100.3.217.1

References:

• https://www.suse.com/security/cve/CVE-2022-21216.html
• https://www.suse.com/security/cve/CVE-2022-33196.html
• https://www.suse.com/security/cve/CVE-2022-38090.html
• https://bugzilla.suse.com/show_bug.cgi?id=1208275
• https://bugzilla.suse.com/show_bug.cgi?id=1208276
• https://bugzilla.suse.com/show_bug.cgi?id=1208277