Debian Intel-Microcode vulnerabilities

CVE-2025-24305 [HIGH] CVE-2025-24305: intel-microcode - Insufficient control flow management in the Alias Checking Trusted Module (ACTM)... Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in

CVE-2025-22889 [HIGH] CVE-2025-22889: intel-microcode - Improper handling of overlap between protected memory ranges for some Intel(R) X... Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in 3.20250812

CVE-2025-22839 [HIGH] CVE-2025-22839: intel-microcode - Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon... Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in 3.20250812.1) sid:

CVE-2025-20109 [HIGH] CVE-2025-20109: intel-microcode - Improper Isolation or Compartmentalization in the stream cache mechanism for som... Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in 3.20250812.1) sid: re

CVE-2025-20053 [HIGH] CVE-2025-20053: intel-microcode - Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with S... Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in 3.20250812.1) sid: resolved (fixed i

CVE-2025-20623 [MEDIUM] CVE-2025-20623: intel-microcode - Exposure of sensitive information caused by shared microarchitectural predictor ... Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. Scope: local bookworm: resolved (fixed in 3.20250512.1~deb12u1) bullseye: resolved (fixe

CVE-2025-21090 [MEDIUM] CVE-2025-21090: intel-microcode - Missing reference to active allocated resource for some Intel(R) Xeon(R) process... Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in 3.20250812.1) sid: resolved (fixed in 3.202

CVE-2025-24495 [MEDIUM] CVE-2025-24495: intel-microcode - Incorrect initialization of resource in the branch prediction unit for some Inte... Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. Scope: local bookworm: resolved (fixed in 3.20250512.1~deb12u1) bullseye: resolved (fixed in 3.20250512.1~deb11u1) forky: resolved (fixed in 3.20250512.1)

CVE-2025-20103 [MEDIUM] CVE-2025-20103: intel-microcode - Insufficient resource pool in the core management mechanism for some Intel(R) Pr... Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Scope: local bookworm: resolved (fixed in 3.20250512.1~deb12u1) bullseye: resolved (fixed in 3.20250512.1~deb11u1) forky: resolved (fixed in 3.20250512.1) sid: resolved (fixed in

CVE-2025-20012 [MEDIUM] CVE-2025-20012: intel-microcode - Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an u... Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. Scope: local bookworm: resolved (fixed in 3.20250512.1~deb12u1) bullseye: resolved (fixed in 3.20250512.1~deb11u1) forky: resolved (fixed in 3.20250512.1) sid: resolved (fixed in 3.20250512.1)

CVE-2025-22840 [MEDIUM] CVE-2025-22840: intel-microcode - Sequence of processor instructions leads to unexpected behavior for some Intel(R... Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in 3.20250812

CVE-2025-26403 [MEDIUM] CVE-2025-26403: intel-microcode - Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processo... Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb11u1) forky: resolved (fixed in 3.

CVE-2025-32086 [MEDIUM] CVE-2025-32086: intel-microcode - Improperly implemented security check for standard in the DDRIO configuration fo... Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250812.1~deb12u1) bullseye: resolved (fixed in 3.20250812.1~deb

CVE-2025-20054 [MEDIUM] CVE-2025-20054: intel-microcode - Uncaught exception in the core management mechanism for some Intel(R) Processors... Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Scope: local bookworm: resolved (fixed in 3.20250512.1~deb12u1) bullseye: resolved (fixed in 3.20250512.1~deb11u1) forky: resolved (fixed in 3.20250512.1) sid: resolved (fixed in 3.202505

CVE-2025-31648 [LOW] CVE-2025-31648: intel-microcode - Improper handling of values in the microcode flow for some Intel(R) Processor Fa... Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal

CVE-2024-29214 [HIGH] CVE-2024-29214: intel-microcode - Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(... Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250211.1~deb12u1) bullseye: resolved (fixed in 3.20250211.1~deb11u1) forky: resolved (fixed in 3.20250211.1) sid: resolved (fixe

CVE-2024-23918 [HIGH] CVE-2024-23918: intel-microcode - Improper conditions check in some Intel(R) Xeon(R) processor memory controller c... Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20241112.1~deb12u1) bullseye: resolved (fixed in 3.20241112.1~deb11u1) forky: resolved (fixed in 3.2024111

CVE-2024-24853 [HIGH] CVE-2024-24853: intel-microcode - Incorrect behavior order in transition between executive monitor and SMI transfe... Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20240813.1~deb12u1) bullseye: resolved (fixed in 3.20240813.1~deb11u1) forky: resolved (fixed in 3.20

CVE-2024-21820 [HIGH] CVE-2024-21820: intel-microcode - Incorrect default permissions in some Intel(R) Xeon(R) processor memory controll... Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20241112.1~deb12u1) bullseye: resolved (fixed in 3.20241112.1~deb11u1) forky: resolved (fixed in 3.202

CVE-2024-28127 [HIGH] CVE-2024-28127: intel-microcode - Improper input validation in UEFI firmware for some Intel(R) Processors may allo... Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 3.20250211.1~deb12u1) bullseye: resolved (fixed in 3.20250211.1~deb11u1) forky: resolved (fixed in 3.20250211.1) sid: resolved (fixed in 3.20250211.1) tri