Opened 9 months ago

Closed 9 months ago

Last modified 9 months ago

#21563 closed enhancement (fixed)

intel-microcode-20250512

Reported by: Xi Ruoyao Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.4
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New microcode release with some security fixes.

Change History (7)

comment:1 by Douglas R. Reno, 9 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 9 months ago

  • CVE-2024-28956 (INTEL-SA-01153): Information Disclosure, Medium severity. "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access."
  • CVE-2025-20103 (INTEL-SA-01244): Denial of service, Medium severity. "Insufficient resource pool in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access."
  • CVE-2024-43420 (INTEL-SA-01247): Information Disclosure, Medium severity. "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access."
  • CVE-2025-24495 (INTEL-SA-01322): Information Disclosure, Medium severity. " Incorrect initialization of resource in the branch prediction unit for some Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access."

comment:3 by Douglas R. Reno, 9 months ago

Resolution: fixed
Status: assignedclosed

Fixed at 8c99d67b45c5511989be0ed24a06dd966cbd3518

in reply to:  2 comment:4 by Douglas R. Reno, 9 months ago

Replying to Douglas R. Reno:

  • CVE-2024-28956 (INTEL-SA-01153): Information Disclosure, Medium severity. "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access."
  • CVE-2025-20103 (INTEL-SA-01244): Denial of service, Medium severity. "Insufficient resource pool in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access."
  • CVE-2024-43420 (INTEL-SA-01247): Information Disclosure, Medium severity. "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access."
  • CVE-2025-24495 (INTEL-SA-01322): Information Disclosure, Medium severity. " Incorrect initialization of resource in the branch prediction unit for some Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access."

In INTEL-SA-01247, Intel has added CVE-2025-20623 and CVE-2024-45332 since the last time I viewed the advisory.

comment:5 by Douglas R. Reno, 9 months ago

INTEL-SA-01322 has had CVE-2025-20012 add to it.

comment:6 by Douglas R. Reno, 9 months ago

... and INTEL-SA-01244 has had CVE-2025-20054 added to it.

All of these will make it in the advisory, though I wish there was a revision log there so I knew exactly when those were added. It acts like I accessed it when they were still drafts.

comment:7 by Douglas R. Reno, 9 months ago

SA-12.3-029 issued

Note: See TracTickets for help on using tickets.