Opened 6 months ago

Closed 6 months ago

#21997 closed enhancement (fixed)

intel-microcode-20250812

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 12.4
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New dated version with some security fixes and functionality fixes as well.

Release notes:

  • Security updates for INTEL-SA-01249
  • Security updates for INTEL-SA-01308
  • Security updates for INTEL-SA-01310
  • Security updates for INTEL-SA-01311
  • Security updates for INTEL-SA-01313
  • Security updates for INTEL-SA-01367
  • Update for functional issues. Refer to 13th/14th Gen Intel® Core™ Processor Specification Update for details.
  • Update for functional issues. Refer to 3rd Gen Intel® Xeon® Processor Scalable Family Specification Update for details.
  • Update for functional issues. Refer to 4th Gen Intel® Xeon® Scalable Processors Specification Update for details.
  • Update for functional issues. Refer to 5th Gen Intel® Xeon® Scalable Processors Specification Update for details.
  • Update for functional issues. Refer to 6th Gen Intel® Xeon® Scalable Processors Specification Update for details.
  • Update for functional issues. Refer to Intel® Core™ Ultra 200 V Series Processor for details.
  • Update for functional issues. Refer to Intel® Core™ Ultra Processor for details.
  • Update for functional issues. Refer to Intel® Core™ Ultra Processor (Series 2) for details.
  • Update for functional issues. Refer to Intel® Xeon® 6700-Series Processor Specification Update for details.
  • Update for functional issues. Refer to Intel® Xeon® D-2700 Processor Specification Update for details.

Security Information

  • Intel-SA-01249: CVE-2025-20109 (7.8 High) - Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege via local access. All families from the 12th-generation Core CPUs onwards are impacted.
  • Intel-SA-01308: CVE-2025-22840 (7.4 High) - Sequence of processor instructions leads to unexpected behavior for some Intel® Xeon® 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. Only 6th-generation Xeon Scalable CPUs with P-Cores are impacted.
  • Intel-SA-01310: CVE-2025-22839 (7.5 High) - Insufficient granularity of access control in the OOB-MSM for some Intel® Xeon® 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. All 6th-generation Xeon 6 Scalable CPUs are affected.
  • Intel-SA-01311: CVE-2025-22889 (7.5 High) - Improper handling of overlap between protected memory ranges for some Intel® Xeon® 6 processor with Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. All 6th-generation Xeon Scalable CPUs with P-Cores are impacted.
  • Intel-SA-01313: CVE-2025-20053 (7.2 High), CVE-2025-24305 (7.2 High), and CVE-2025-21090 (6.5 Medium). CVE-2025-20053 has the description of: "Improper buffer restrictions for some Intel® Xeon® Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access." CVE-2025-24305 has the description of: "Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel® Xeon® processors may allow a privileged user to potentially enable escalation of privilege via local access." CVE-2025-21090 has the description of: "Missing reference to active allocated resource for some Intel® Xeon® processors may allow an authenticated user to potentially enable denial of service via local access." These impact the Xeon 4th/5th/6th generation Scalable CPUs as well as the Xeon W-2400 and Xeon W-3400 series CPUs.
  • Intel-SA-01367: CVE-2025-26403 (7.2 High), and CVE-2025-32086 (7.2 High). CVE-2025-26403 has the description of: "Out-of-bounds write in the memory subsystem for some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access." CVE-2025-32086 has the description of: "Improperly implemented security check for standard in the DDRIO configuration for some Intel® Xeon® 6 Processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access." These issues only impact the 6th-generation Intel Xeon Scalable CPUs.

Change History (2)

comment:1 by Douglas R. Reno, 6 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 6 months ago

Resolution: fixed
Status: assigned → closed

Fixed at a6c149183a997e25387647c8a7bef872f08b1b9f

SA-12.3-094 issued
