Source: intel-microcode
Version: 3.20250512.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.20250512.1~deb12u1

Hi,

The following vulnerabilities were published for intel-microcode.

CVE-2025-20053[0]:
| Improper buffer restrictions for some Intel(R) Xeon(R) Processor
| firmware with SGX enabled may allow a privileged user to potentially
| enable escalation of privilege via local access.

CVE-2025-20109[1]:
| Improper Isolation or Compartmentalization in the stream cache
| mechanism for some Intel(R) Processors may allow an authenticated
| user to potentially enable escalation of privilege via local access.

CVE-2025-21090[2]:
| Missing reference to active allocated resource for some Intel(R)
| Xeon(R) processors may allow an authenticated user to potentially
| enable denial of service via local access.

CVE-2025-22839[3]:
| Insufficient granularity of access control in the OOB-MSM for some
| Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user
| to potentially enable escalation of privilege via adjacent access.

CVE-2025-22840[4]:
| Sequence of processor instructions leads to unexpected behavior for
| some Intel(R) Xeon(R) 6 Scalable processors may allow an
| authenticated user to potentially enable escalation of privilege via
| local access

CVE-2025-22889[5]:
| Improper handling of overlap between protected memory ranges for
| some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a
| privileged user to potentially enable escalation of privilege via
| local access.

CVE-2025-24305[6]:
| Insufficient control flow management in the Alias Checking Trusted
| Module (ACTM) firmware for some Intel(R) Xeon(R) processors may
| allow a privileged user to potentially enable escalation of
| privilege via local access.

CVE-2025-26403[7]:
| Out-of-bounds write in the memory subsystem for some Intel(R)
| Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may
| allow a privileged user to potentially enable escalation of
| privilege via local access.

CVE-2025-32086[8]:
| Improperly implemented security check for standard in the DDRIO
| configuration for some Intel(R) Xeon(R) 6 Processors when using
| Intel(R) SGX or Intel(R) TDX may allow a privileged user to
| potentially enable escalation of privilege via local access.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-20053
    https://www.cve.org/CVERecord?id=CVE-2025-20053
[1] https://security-tracker.debian.org/tracker/CVE-2025-20109
    https://www.cve.org/CVERecord?id=CVE-2025-20109
[2] https://security-tracker.debian.org/tracker/CVE-2025-21090
    https://www.cve.org/CVERecord?id=CVE-2025-21090
[3] https://security-tracker.debian.org/tracker/CVE-2025-22839
    https://www.cve.org/CVERecord?id=CVE-2025-22839
[4] https://security-tracker.debian.org/tracker/CVE-2025-22840
    https://www.cve.org/CVERecord?id=CVE-2025-22840
[5] https://security-tracker.debian.org/tracker/CVE-2025-22889
    https://www.cve.org/CVERecord?id=CVE-2025-22889
[6] https://security-tracker.debian.org/tracker/CVE-2025-24305
    https://www.cve.org/CVERecord?id=CVE-2025-24305
[7] https://security-tracker.debian.org/tracker/CVE-2025-26403
    https://www.cve.org/CVERecord?id=CVE-2025-26403
[8] https://security-tracker.debian.org/tracker/CVE-2025-32086
    https://www.cve.org/CVERecord?id=CVE-2025-32086
[9] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812

Regards,
Salvatore

