microcode_ctl vulnerabilities

Known vulnerabilities in the microcode_ctl package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Insufficient Granularity of Access Control	<2:2.1-53.amzn2023.0.14
H Improper Handling of Overlap Between Protected Memory Ranges	<2:2.1-53.amzn2023.0.14
H Sequence of Processor Instructions Leads to Unexpected Behavior	<2:2.1-53.amzn2023.0.14
H Out-of-bounds Write	<2:2.1-53.amzn2023.0.14
H Improperly Implemented Security Check for Standard	<2:2.1-53.amzn2023.0.14
H Insufficient Resource Pool	<2:2.1-53.amzn2023.0.12
H CVE-2024-28956	<2:2.1-53.amzn2023.0.12
H Uncaught Exception	<2:2.1-53.amzn2023.0.12
H CVE-2024-45332	<2:2.1-53.amzn2023.0.12
H Out-of-Bounds	<2:2.1-53.amzn2023.0.13
H Insufficient Compartmentalization	<2:2.1-53.amzn2023.0.12
H Insufficient Control Flow Management	<2:2.1-53.amzn2023.0.13
H Missing Reference to Active Allocated Resource	<2:2.1-53.amzn2023.0.13
M CVE-2024-45332	<2:2.1-53.amzn2023.0.12
M Uncaught Exception	<2:2.1-53.amzn2023.0.12
M Insufficient Resource Pool	<2:2.1-53.amzn2023.0.12
M CVE-2024-28956	<2:2.1-53.amzn2023.0.12
M Insufficient Granularity of Access Control	<2:2.1-53.amzn2023.0.11
M Sequence of Processor Instructions Leads to Unexpected Behavior	<2:2.1-53.amzn2023.0.11
M Improper Finite State Machines (FSMs) in Hardware Logic	<2:2.1-53.amzn2023.0.11
H Incorrect Default Permissions	<2:2.1-53.amzn2023.0.9
H CVE-2024-23918	<2:2.1-53.amzn2023.0.9
H Improper Finite State Machines (FSMs) in Hardware Logic	<2:2.1-53.amzn2023.0.9
H CVE-2024-24980	<2:2.1-53.amzn2023.0.9
H Information Exposure	<2:2.1-53.amzn2023.0.9
H Improper Finite State Machines (FSMs) in Hardware Logic	<2:2.1-53.amzn2023.0.9
H CVE-2024-24853	<2:2.1-53.amzn2023.0.9
H CVE-2024-22374	<2:2.1-53.amzn2023.0.7
H CVE-2023-49141	<2:2.1-53.amzn2023.0.7
M CVE-2024-22374	<2:2.1-53.amzn2023.0.7
M Improper Cross-boundary Removal of Sensitive Data	<2:2.1-53.amzn2023
M Incorrect Default Permissions	<2:2.1-53.amzn2023.0.1
H Information Exposure	<2:2.1-53.amzn2023.0.3
M Protection Mechanism Failure	<2:2.1-53.amzn2023.0.5
M Non-Transparent Sharing of Microarchitectural Resources	<2:2.1-53.amzn2023.0.5
H Sequence of Processor Instructions Leads to Unexpected Behavior	<2:2.1-53.amzn2023.0.3
M Information Exposure	<2:2.1-53.amzn2023.0.2
M Incorrect Calculation	<2:2.1-53.amzn2023.0.1
M CVE-2022-21216	<2:2.1-53.amzn2023.0.1
M CVE-2022-38090	<2:2.1-53.amzn2023.0.1
M Improper Cross-boundary Removal of Sensitive Data	<2:2.1-53.amzn2023
M Information Exposure	<2:2.1-53.amzn2023
M Information Exposure	<2:2.1-53.amzn2023
M Improper Input Validation	<2:2.1-53.amzn2023
M Incorrect Default Permissions	<2:2.1-53.amzn2023

Vulnerability

Vulnerable Version

Insufficient Granularity of Access Control

<2:2.1-53.amzn2023.0.14

Improper Handling of Overlap Between Protected Memory Ranges

<2:2.1-53.amzn2023.0.14

Sequence of Processor Instructions Leads to Unexpected Behavior

<2:2.1-53.amzn2023.0.14

Out-of-bounds Write

<2:2.1-53.amzn2023.0.14

Improperly Implemented Security Check for Standard

<2:2.1-53.amzn2023.0.14