安全公告/【CVE-2023-23583】

基本信息

漏洞名称:
受影响操作系统:红旗Asianux服务器操作系统 V8
危险等级:高危
影响源码包:microcode_ctl
CVSS评分:7.8
发现日期:2024-09-19
修复日期:2024-10-14
修复版本:

漏洞描述

处理器指令序列会导致某些英特尔(R)处理器出现意外行为,可能允许经过身份验证的用户通过本地访问潜在地提升权限和/或泄露信息和/或拒绝服务。

漏洞判定


        

        

            
修复方式

            
软件包升级
dnf update microcode_ctl


        

  
        

            
补丁

            

        

        

            
参考

            

                                https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html

                                http://www.openwall.com/lists/oss-security/2023/11/14/8

                                http://www.openwall.com/lists/oss-security/2023/11/14/6

                                http://www.openwall.com/lists/oss-security/2023/11/14/4

                                http://www.openwall.com/lists/oss-security/2023/11/14/5

                                http://www.openwall.com/lists/oss-security/2023/11/14/7

                                http://www.openwall.com/lists/oss-security/2023/11/14/9

                                https://security.netapp.com/advisory/ntap-20231116-0015/

                                https://www.debian.org/security/2023/dsa-5563

                                https://lists.debian.org/debian-lts-announce/2023/12/msg00012.html