INFSA-2024:3178: linux-firmware security update
Information about definition
Identificator: INFSA-2024:3178
Type: security
Release date: 2024-08-23 19:39:10 UTC
Information about package
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Vulnerabilities description
- CVE-2022-46329
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-20592
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-46329
|
no information | 8.2 | no information |
|
NIST — CVE-2023-20592
|
no information | 5.3 | no information |
Updated packages