OESA-2025-1528

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1528
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1528.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1528
Upstream
Published
2025-05-16T13:25:15Z
Modified
2025-08-12T05:43:02.796119Z
Summary
microcode_ctl security update
Details

This is a tool to transform and deploy microcode update for x86 CPUs.

Security Fix(es):

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-28956)

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-43420)

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-45332)

Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.(CVE-2025-20012)

Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20054)

Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20103)

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-20623)

Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-24495)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / microcode_ctl

Package

Name
microcode_ctl
Purl
pkg:rpm/openEuler/microcode_ctl&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20250512-1.oe2003sp4

Ecosystem specific 

{
    "x86_64": [
        "microcode_ctl-20250512-1.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "microcode_ctl-20250512-1.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / microcode_ctl

Package

Name
microcode_ctl
Purl
pkg:rpm/openEuler/microcode_ctl&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20250512-1.oe2203sp3

Ecosystem specific 

{
    "x86_64": [
        "microcode_ctl-20250512-1.oe2203sp3.x86_64.rpm"
    ],
    "src": [
        "microcode_ctl-20250512-1.oe2203sp3.src.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / microcode_ctl

Package

Name
microcode_ctl
Purl
pkg:rpm/openEuler/microcode_ctl&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20250512-1.oe2203sp4

Ecosystem specific 

{
    "x86_64": [
        "microcode_ctl-20250512-1.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "microcode_ctl-20250512-1.oe2203sp4.src.rpm"
    ]
}

openEuler:24.03-LTS / microcode_ctl

Package

Name
microcode_ctl
Purl
pkg:rpm/openEuler/microcode_ctl&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20250512-1.oe2403sp1

Ecosystem specific 

{
    "x86_64": [
        "microcode_ctl-20250512-1.oe2403.x86_64.rpm",
        "microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "microcode_ctl-20250512-1.oe2403.src.rpm",
        "microcode_ctl-20250512-1.oe2403sp1.src.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / microcode_ctl

Package

Name
microcode_ctl
Purl
pkg:rpm/openEuler/microcode_ctl&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20250512-1.oe2403sp1

Ecosystem specific 

{
    "x86_64": [
        "microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "microcode_ctl-20250512-1.oe2403sp1.src.rpm"
    ]
}