SUSE-SU-2025:1032-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20251032-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1032-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:1032-1
Related
Published
2025-03-26T14:22:25Z
Modified
2025-04-04T01:06:32.464909Z
Summary
Security update for microcode_ctl
Details

This update for microcode_ctl fixes the following issues:

  • CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access. (bsc#1237096)
  • CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability. (bsc#1237096)
  • CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability. (bsc#1237096)
  • CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. (bsc#1237096)
  • CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. (bsc#1233313)
  • CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1233313)
  • CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1233313)
  • CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. (bsc#1230400)
  • CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. (bsc#1230400)
  • CVE-2024-24853: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1229129)
  • CVE-2024-25939: Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. (bsc#1229129)
  • CVE-2024-24980: Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1229129)
  • CVE-2023-42667: Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (bsc#1229129)
  • CVE-2023-49141: Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (bsc#1229129)
  • CVE-2023-45733: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (bsc#1224277)
  • CVE-2023-46103: Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. (bsc#1224277)
  • CVE-2023-45745: Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1224277)
  • CVE-2023-47855: Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1224277)
  • CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access. (bsc#1221323)
  • CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access. (bsc#1221323)
  • CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors may allow an authenticated user to potentially enable information disclosure via local access. (bsc#1221323)
  • CVE-2023-22655: Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1221323)
  • CVE-2023-43490: Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with Intel SGX may allow a privileged user to potentially enable information disclosure via local access. (bsc#1221323)
  • CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation (bsc#1215278)
  • CVE-2022-40982: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (bsc#1206418)
  • CVE-2023-23908: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
  • CVE-2022-41804: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Other fixes:

References

Affected packages

SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / microcode_ctl

Package

Name
microcode_ctl
Purl
pkg:rpm/suse/microcode_ctl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.17-102.83.81.1

Ecosystem specific

{
    "binaries": [
        {
            "microcode_ctl": "1.17-102.83.81.1"
        }
    ]
}