SUSE-SU-2025:03053-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202503053-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03053-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:03053-1
- Upstream
- Related
- Published
- 2025-09-02T17:42:12Z
- Modified
- 2025-09-03T16:16:15.359865Z
- Summary
- Security update for ucode-intel
- Details
-
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
- CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
- CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 | GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 | ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 | LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor | MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202503053-1/
- https://bugzilla.suse.com/1248438
- https://www.suse.com/security/cve/CVE-2025-20053
- https://www.suse.com/security/cve/CVE-2025-20109
- https://www.suse.com/security/cve/CVE-2025-22839
- https://www.suse.com/security/cve/CVE-2025-22840
- https://www.suse.com/security/cve/CVE-2025-22889
- https://www.suse.com/security/cve/CVE-2025-26403
- https://www.suse.com/security/cve/CVE-2025-32086
Affected packages
SUSE:Linux Enterprise Micro 5.3 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
SUSE:Linux Enterprise Micro 5.4 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
SUSE:Linux Enterprise Micro 5.5 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
SUSE:Linux Enterprise Module for Basesystem 15 SP6 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
SUSE:Linux Enterprise Module for Basesystem 15 SP7 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS
SUSE:Linux Enterprise Server 15 SP3-LTSS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
SUSE:Linux Enterprise Server 15 SP4-LTSS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
SUSE:Linux Enterprise Server 15 SP5-LTSS / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
SUSE:Linux Enterprise Server for SAP Applications 15 SP4 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
SUSE:Linux Enterprise Server for SAP Applications 15 SP5 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
SUSE:Manager Proxy LTS 4.3 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Manager%20Proxy%20LTS%204.3
SUSE:Manager Server LTS 4.3 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Manager%20Server%20LTS%204.3
SUSE:Linux Enterprise Micro 5.1 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
SUSE:Linux Enterprise Micro 5.2 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
SUSE:Enterprise Storage 7.1 / ucode-intel
Package
- Name
- ucode-intel
- Purl
- pkg:rpm/suse/ucode-intel&distro=SUSE%20Enterprise%20Storage%207.1