Debian alert DLA-4170-1 (intel-microcode)
| From: | Tobias Frost <tobi@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4170-1] intel-microcode security update | |
| Date: | Sun, 18 May 2025 19:20:12 +0200 | |
| Message-ID: | <aCoWzGPnmG1414g7@isildor2.loewenhoehle.ip> |
------------------------------------------------------------------------- Debian LTS Advisory DLA-4170-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Tobias Frost May 18, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : intel-microcode Version : 3.20250512.1~deb11u1 CVE ID : CVE-2024-28956 CVE-2024-43420 CVE-2024-45332 CVE-2025-20012 CVE-2025-20054 CVE-2025-20103 CVE-2025-20623 CVE-2025-24495 Debian Bug : 1105172 Microcode updates has been released for Intel(R) processors, addressing multiple potential vulnerabilties that may allow denial of service or information disclosure. CVE-2024-28956 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2024-43420 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2024-45332 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2025-20012 Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. CVE-2025-20054 Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-20103 Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-20623 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. CVE-2025-24495 Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. For Debian 11 bullseye, these problems have been fixed in version 3.20250512.1~deb11u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmgqFskACgkQkWT6HRe9 XTawlg//VMvx/im2a8Fk5EZjEcyWOnasjMrCyVgSK1X1wg3pEv1JJJ78//ywH+f1 lRcSkn1yHrfZ5VRrS14OpUdwQLfaSqau9wvrfQcZ0pxLodCqqfC1FZLFfX7X8Ap6 Jxe8Pdd38uWfSOjw4icokzteoGTlLzeHfjzxdKxpRpzokF+1e7CI2QMsHV2I4b0d 4VjR5QEJzbMwQK3ZnDxZX4HquooNx0J8U7y2sHrQf52Lpad3//EVJZ6PcM7jh4Vi Q8bU5CwhRR0Qqrh1MWJfcd66y0WOXOFoT3ZsFOgH6G+BrQ63aRjdgapVri5+1V5s W9i7bKdzr5HcoucD1oNGBaCTjUpotc0F8VG0XO8dQi8qY3+RwinRopOERoFC4Q6U XRSS8/33e4jdzuoCN2MGbghnguhbDYTG+KZAOQB46Pw3X/ospnQQsniYFVRUIBX4 Pnt6kFy4av1TYP0rBe+CLDHbP1kzte+vfKRI/9QFjGlisyTt7bnCjTR+5swoZe/3 5WTZoMcw4HV9kIVlX68jemxpRQMi2e/XdIaFrFuKWKRw1V+GcpQZGYsJnPy66TKn a4qwD3oc3/u3edgR2v3CdqUWs9TuP2rk6uUr2G8eM1npE5ijDGqqfEmRgX6KamBq HdFncgxKuuTkNQsZPFKhZwQFsLgyQCPvBsO3ixvQbLWqq85oDYE= =9xwU -----END PGP SIGNATURE-----