Debian 10260 Published by

An amd64-microcode security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a flaw in the vector register of Zen 2 CPUs.



ELA-910-1 amd64-microcode security update

Package : amd64-microcode
Version : 3.20230719.1~deb8u1 (jessie), 3.20230719.1~deb9u1 (stretch)

Related CVEs :
CVE-2019-9836
CVE-2023-20593

Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in “Zen 2” CPUs may not be written to 0 correctly. This flaw allows an attacker to leak register contents across
concurrent processes, hyper threads and virtualized guests.

For details please refer to https://lock.cmpxchg8b.com/zenbleed.html https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8

The initial microcode release by AMD only provides updates for second generation EPYC CPUs: Various Ryzen CPUs are also affected, but no updates are available yet. Fixes will be provided in a later update once
they are released. For more specific details and target dates please refer to the AMD advisory at
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

ELA-910-1 amd64-microcode security update