As far as I can tell on the Intel page linked above, the CVEs were issued against vulnerabilities in the Manageability Engine, Server Platform Service, and the Trusted Execution Engine.
I believe the intel-microcode package only contains microcode for the CPU, and doesn't contain firmware for the ME, SPS and TXE. To update those components, you need to apply firmware updates from the computer manufacturer.
I am removing the references to CVEs from this bug. If you disagree with my assessment, please comment below. Thanks!
Thanks for filing this issue.
As far as I can tell on the Intel page linked above, the CVEs were issued against vulnerabilities in the Manageability Engine, Server Platform Service, and the Trusted Execution Engine.
I believe the intel-microcode package only contains microcode for the CPU, and doesn't contain firmware for the ME, SPS and TXE. To update those components, you need to apply firmware updates from the computer manufacturer.
I am removing the references to CVEs from this bug. If you disagree with my assessment, please comment below. Thanks!