CVE-2023-28746

NameCVE-2023-28746
DescriptionInformation exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1066108

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
intel-microcode (PTS)buster/non-free3.20220510.1~deb10u1vulnerable
buster/non-free (security)3.20231114.1~deb10u1vulnerable
bullseye/non-free, bullseye/non-free (security)3.20231114.1~deb11u1vulnerable
bookworm/non-free-firmware (security), bookworm/non-free-firmware3.20231114.1~deb12u1vulnerable
trixie/non-free-firmware, sid/non-free-firmware3.20240312.1fixed
linux (PTS)buster4.19.249-2vulnerable
buster (security)4.19.304-1vulnerable
bullseye5.10.209-2vulnerable
bullseye (security)5.10.205-2vulnerable
bookworm6.1.76-1vulnerable
bookworm (security)6.1.85-1fixed
trixie6.6.15-2vulnerable
sid6.7.9-2fixed
xen (PTS)buster, buster (security)4.11.4+107-gef32c7afa2-1vulnerable
bullseye4.14.6-1vulnerable
bullseye (security)4.14.5+94-ge49571868d-1vulnerable
bookworm4.17.3+10-g091466ba55-1~deb12u1vulnerable
trixie4.17.3+10-g091466ba55-1vulnerable
sid4.17.3+36-g54dacb5c02-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
intel-microcodesource(unstable)3.20240312.11066108
linuxsourcebookworm6.1.82-1
linuxsource(unstable)6.7.9-2
xensourcebuster(unfixed)end-of-life
xensourcebullseye(unfixed)end-of-life
xensource(unstable)(unfixed)

Notes

[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
[buster] - intel-microcode <postponed> (Decide after exposure on unstable for update)
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <end-of-life> (DSA 4677-1)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
https://www.openwall.com/lists/oss-security/2024/03/12/13
https://xenbits.xen.org/xsa/advisory-452.html
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html

Search for package or bug name: Reporting problems