{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"microcode_ctl security update", "category":"general", "title":"Synopsis" }, { "text":"An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"This is a tool to transform and deploy microcode update for x86 CPUs.\n\nSecurity Fix(es):\n\nExposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-28956)\n\nExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-43420)\n\nExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-45332)\n\nIncorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.(CVE-2025-20012)\n\nUncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20054)\n\nInsufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20103)\n\nExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-20623)\n\nIncorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-24495)", "category":"general", "title":"Description" }, { "text":"An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"microcode_ctl", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1528", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" }, { "summary":"CVE-2024-28956", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-28956&packageName=microcode_ctl" }, { "summary":"CVE-2024-43420", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43420&packageName=microcode_ctl" }, { "summary":"CVE-2024-45332", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-45332&packageName=microcode_ctl" }, { "summary":"CVE-2025-20012", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20012&packageName=microcode_ctl" }, { "summary":"CVE-2025-20054", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20054&packageName=microcode_ctl" }, { "summary":"CVE-2025-20103", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20103&packageName=microcode_ctl" }, { "summary":"CVE-2025-20623", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20623&packageName=microcode_ctl" }, { "summary":"CVE-2025-24495", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-24495&packageName=microcode_ctl" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28956" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43420" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45332" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20012" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20054" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20103" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20623" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24495" }, { "summary":"openEuler-SA-2025-1528 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1528.json" } ], "title":"An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2025-05-16T21:24:48+08:00", "revision_history":[ { "date":"2025-05-16T21:24:48+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-05-16T21:24:48+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-05-16T21:24:48+08:00", "id":"openEuler-SA-2025-1528", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"microcode_ctl-20250512-1.oe2003sp4.src.rpm", "name":"microcode_ctl-20250512-1.oe2003sp4.src.rpm" }, "name":"microcode_ctl-20250512-1.oe2003sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"microcode_ctl-20250512-1.oe2203sp3.src.rpm", "name":"microcode_ctl-20250512-1.oe2203sp3.src.rpm" }, "name":"microcode_ctl-20250512-1.oe2203sp3.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"microcode_ctl-20250512-1.oe2203sp4.src.rpm", "name":"microcode_ctl-20250512-1.oe2203sp4.src.rpm" }, "name":"microcode_ctl-20250512-1.oe2203sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"microcode_ctl-20250512-1.oe2403.src.rpm", "name":"microcode_ctl-20250512-1.oe2403.src.rpm" }, "name":"microcode_ctl-20250512-1.oe2403.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"microcode_ctl-20250512-1.oe2403sp1.src.rpm", "name":"microcode_ctl-20250512-1.oe2403sp1.src.rpm" }, "name":"microcode_ctl-20250512-1.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"microcode_ctl-20250512-1.oe2003sp4.x86_64.rpm", "name":"microcode_ctl-20250512-1.oe2003sp4.x86_64.rpm" }, "name":"microcode_ctl-20250512-1.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"microcode_ctl-20250512-1.oe2203sp3.x86_64.rpm", "name":"microcode_ctl-20250512-1.oe2203sp3.x86_64.rpm" }, "name":"microcode_ctl-20250512-1.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"microcode_ctl-20250512-1.oe2203sp4.x86_64.rpm", "name":"microcode_ctl-20250512-1.oe2203sp4.x86_64.rpm" }, "name":"microcode_ctl-20250512-1.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"microcode_ctl-20250512-1.oe2403.x86_64.rpm", "name":"microcode_ctl-20250512-1.oe2403.x86_64.rpm" }, "name":"microcode_ctl-20250512-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm", "name":"microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm" }, "name":"microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"microcode_ctl-20250512-1.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "name":"microcode_ctl-20250512-1.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"microcode_ctl-20250512-1.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "name":"microcode_ctl-20250512-1.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"microcode_ctl-20250512-1.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "name":"microcode_ctl-20250512-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"microcode_ctl-20250512-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "name":"microcode_ctl-20250512-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"microcode_ctl-20250512-1.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "name":"microcode_ctl-20250512-1.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"microcode_ctl-20250512-1.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "name":"microcode_ctl-20250512-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"microcode_ctl-20250512-1.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "name":"microcode_ctl-20250512-1.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"microcode_ctl-20250512-1.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "name":"microcode_ctl-20250512-1.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"microcode_ctl-20250512-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "name":"microcode_ctl-20250512-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64", "name":"microcode_ctl-20250512-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-28956", "notes":[ { "text":"Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.6, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-28956" }, { "cve":"CVE-2024-43420", "notes":[ { "text":"Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.6, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-43420" }, { "cve":"CVE-2024-45332", "notes":[ { "text":"Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.6, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-45332" }, { "cve":"CVE-2025-20012", "notes":[ { "text":"Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.9, "vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-20012" }, { "cve":"CVE-2025-20054", "notes":[ { "text":"Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-20054" }, { "cve":"CVE-2025-20103", "notes":[ { "text":"Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-20103" }, { "cve":"CVE-2025-20623", "notes":[ { "text":"Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.6, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-20623" }, { "cve":"CVE-2025-24495", "notes":[ { "text":"Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ], "details":"microcode_ctl security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.6, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.src", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.src", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.src", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.src", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.src", "openEuler-20.03-LTS-SP4:microcode_ctl-20250512-1.oe2003sp4.x86_64", "openEuler-22.03-LTS-SP3:microcode_ctl-20250512-1.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP4:microcode_ctl-20250512-1.oe2203sp4.x86_64", "openEuler-24.03-LTS:microcode_ctl-20250512-1.oe2403.x86_64", "openEuler-24.03-LTS-SP1:microcode_ctl-20250512-1.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-24495" } ] }