Bug 2270700 (CVE-2023-28746)

Summary: CVE-2023-28746 kernel: Local information disclosure on Intel(R) Atom(R) processors
Product: [Other] Security Response Reporter: Marco Benatto <mbenatto>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, hvtaifwkbgefbaei, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jpoimboe, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, llong, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sidakwo, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2270731    
Bug Blocks: 2270697    

Description Marco Benatto 2024-03-21 13:48:11 UTC 
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
Comment 1 Marco Benatto 2024-03-21 15:12:12 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2270731]
Comment 18 errata-xmlrpc 2024-08-08 04:51:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Comment 19 errata-xmlrpc 2024-10-16 00:09:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:8158 https://access.redhat.com/errata/RHSA-2024:8158
Comment 20 errata-xmlrpc 2024-10-16 00:20:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:8157 https://access.redhat.com/errata/RHSA-2024:8157
Comment 21 errata-xmlrpc 2024-10-16 00:51:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:8162 https://access.redhat.com/errata/RHSA-2024:8162
Comment 23 errata-xmlrpc 2024-11-12 10:31:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9401 https://access.redhat.com/errata/RHSA-2024:9401