Updated microcode packages fix security vulnerabilities
Publication date: 23 May 2025Modification date: 23 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-28956 , CVE-2025-20103 , CVE-2025-20054 , CVE-2024-43420 , CVE-2025-20623 , CVE-2024-45332 , CVE-2025-24495 , CVE-2025-20012
Description
Exposure of Sensitive Information in Shared Microarchitectural
Structures during Transient Execution for some Intel® Processors may
allow an authenticated user to potentially enable information disclosure
via local access. (CVE-2024-28956)
Insufficient resource pool in the core management mechanism for some
Intel® Processors may allow an authenticated user to potentially enable
denial of service via local access. (CVE-2025-20103)
Uncaught exception in the core management mechanism for some Intel®
Processors may allow an authenticated user to potentially enable denial
of service via local access. (CVE-2025-20054)
Exposure of sensitive information caused by shared microarchitectural
predictor state that influences transient execution for some Intel Atom®
processors may allow an authenticated user to potentially enable
information disclosure via local access. (CVE-2024-43420)
Exposure of sensitive information caused by shared microarchitectural
predictor state that influences transient execution for some Intel®
Core™ processors (10th Generation) may allow an authenticated user to
potentially enable information disclosure via local access.
(CVE-2025-20623)
Exposure of sensitive information caused by shared microarchitectural
predictor state that influences transient execution in the indirect
branch predictors for some Intel® Processors may allow an authenticated
user to potentially enable information disclosure via local access.
(CVE-2024-45332)
Incorrect initialization of resource in the branch prediction unit for
some Intel® Core™ Ultra Processors may allow an authenticated user to
potentially enable information disclosure via local access.
(CVE-2025-24495)
Incorrect behavior order for some Intel® Core™ Ultra Processors may
allow an unauthenticated user to potentially enable information
disclosure via physical access. (CVE-2025-20012)
References
- https://bugs.mageia.org/show_bug.cgi?id=34279
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43420
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20623
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24495
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20012
SRPMS
9/nonfree
- microcode-0.20250512-1.mga9.nonfree