Debian Amd64-Microcode vulnerabilities

22 known vulnerabilities affecting debian/amd64-microcode.

Total CVEs: 22
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 17, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2025-62626 | HIGH | CVSS 7.2 | fixed in amd64-microcode 3.20251202.1 (forky) | 2025
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 3.20251202.1); sid: resolved (fixed in 3.20251202.1); trixie: open
debian
CVE-2025-29934 | MEDIUM | CVSS 5.3 | 2025
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-48514 | MEDIUM | CVSS 4.0 | 2025
Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-48517 | MEDIUM | CVSS 4.6 | 2025
Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-0033 | MEDIUM | CVSS 6.0 | 2025
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-29943 | MEDIUM | CVSS 4.6 | fixed in amd64-microcode 3.20251202.1 (forky) | 2025
Write-what-where condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 3.20251202.1); sid: resolved (fixed in 3.20251202.1); trixie: open
debian
CVE-2025-52534 | MEDIUM | CVSS 5.3 | 2025
Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-52536 | MEDIUM | CVSS 6.7 | 2025
Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-54514 | MEDIUM | CVSS 4.8 | 2025
Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2024-56161 | HIGH | CVSS 7.2 | fixed in amd64-microcode 3.20250311.1~deb12u1 (bookworm) | 2024
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Scope: local
bookworm: resolved (fixed in 3.20250311.1~deb12u1); bullseye: resolved (fixed in 3.2025
debian
CVE-2024-36350 | MEDIUM | CVSS 5.6 | fixed in amd64-microcode 3.20251202.1 (forky) | 2024
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 3.20251202.1); sid: resolved (fixed in 3.20251202.1); trixie: open
debian
CVE-2024-36357 | MEDIUM | CVSS 5.6 | fixed in amd64-microcode 3.20251202.1 (forky) | 2024
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 3.20251202.1); sid: resolved (fixed in 3.20251202.1); trixie: open
debian
CVE-2024-36349 | LOW | CVSS 3.8 | 2024
A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2024-36348 | LOW | CVSS 3.8 | 2024
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2023-31315 | HIGH | CVSS 7.5 | fixed in amd64-microcode 3.20240710.2~deb12u1 (bookworm) | 2023
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 3.20240710.2~deb12u1); bullseye: resolved (fixed in 3.20240710.2~deb11u1); forky: resolved (fixed in 3.20240710
debian
CVE-2023-31356 | MEDIUM | CVSS 4.4 | fixed in amd64-microcode 3.20240820.1~deb12u1 (bookworm) | 2023
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
Scope: local
bookworm: resolved (fixed in 3.20240820.1~deb12u1); bullseye: resolved (fixed in 3.20240820.1~deb11u1); forky: resolved (fixed in 3.20240820.1); sid: resolved (fixed in 3.20240820.1
debian
CVE-2023-20584 | MEDIUM | CVSS 5.3 | fixed in amd64-microcode 3.20240820.1~deb12u1 (bookworm) | 2023
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
Scope: local
bookworm: resolved (fixed in 3.20240820.1~deb12u1); bullseye: resolved
debian
CVE-2023-20592 | MEDIUM | CVSS 6.5 | fixed in amd64-microcode 3.20230719.1~deb12u1 (bookworm) | 2023
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
Scope: local
bookworm: resolved (fixed in 3.20230719.1~deb12u1); bullseye: resolved (fixed in 3.20230719.1~d
debian
CVE-2023-20569 | MEDIUM | CVSS 4.7 | fixed in amd64-microcode 3.20230719.1~deb12u1 (bookworm) | 2023
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Scope: local
bookworm: resolved (fixed in 3.20230719.1~deb12u1); bullseye: resolved (fixed in 3.20230719.1~deb11u1); f
debian
CVE-2023-20593 | MEDIUM | CVSS 5.5 | fixed in amd64-microcode 3.20230719.1~deb12u1 (bookworm) | 2023
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Scope: local
bookworm: resolved (fixed in 3.20230719.1~deb12u1); bullseye: resolved (fixed in 3.20230719.1~deb11u1); forky: resolved (fixed in 3.20230719.1); sid: resolved (fixed in 3.20230719.1); trixie: resolved (fixed
debian