An update for linux-firmware is now available for openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2550 Final 1.0 1.0 2024-12-13 Initial 2024-12-13 2024-12-13 openEuler SA Tool V1.0 2024-12-13 linux-firmware security update An update for linux-firmware is now available for openEuler-22.03-LTS-SP1 This package contains firmware images required by some devices. Security Fix(es): IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.(CVE-2023-20584) Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.(CVE-2023-31356) An update for linux-firmware is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium linux-firmware https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2550 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-20584 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-31356 https://nvd.nist.gov/vuln/detail/CVE-2023-20584 https://nvd.nist.gov/vuln/detail/CVE-2023-31356 openEuler-22.03-LTS-SP1 linux-firmware-20241017-1.oe2203sp1.noarch.rpm linux-firmware-ath-20241017-1.oe2203sp1.noarch.rpm linux-firmware-cypress-20241017-1.oe2203sp1.noarch.rpm linux-firmware-iwlwifi-20241017-1.oe2203sp1.noarch.rpm linux-firmware-libertas-20241017-1.oe2203sp1.noarch.rpm linux-firmware-mediatek-20241017-1.oe2203sp1.noarch.rpm linux-firmware-mrvl-20241017-1.oe2203sp1.noarch.rpm linux-firmware-netronome-20241017-1.oe2203sp1.noarch.rpm linux-firmware-ti-connectivity-20241017-1.oe2203sp1.noarch.rpm linux-firmware-20241017-1.oe2203sp1.src.rpm IOMMU improperly handles certain special addressranges with invalid device table entries (DTEs), which may allow an attackerwith privileges and a compromised Hypervisor toinduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to aloss of guest integrity. 2024-12-13 CVE-2023-20584 openEuler-22.03-LTS-SP1 Medium 5.3 AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N linux-firmware security update 2024-12-13 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2550 Incomplete system memory cleanup in SEV firmware couldallow a privileged attacker to corrupt guest private memory, potentiallyresulting in a loss of data integrity. 2024-12-13 CVE-2023-31356 openEuler-22.03-LTS-SP1 Medium 4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N linux-firmware security update 2024-12-13 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2550