An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1171 Final 1.0 1.0 2025-02-21 Initial 2025-02-21 2025-02-21 openEuler SA Tool V1.0 2025-02-21 microcode_ctl security update An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 This is a tool to transform and deploy microcode update for x86 CPUs. Security Fix(es): Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-34440) Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-43758) Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.(CVE-2024-24582) Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.(CVE-2024-28047) Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-28127) Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2024-29214) Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access.(CVE-2024-31068) Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.(CVE-2024-31157) Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.(CVE-2024-36293) Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2024-37020) Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.(CVE-2024-39279) Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access.(CVE-2024-39355) An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High microcode_ctl https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-34440 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-43758 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-24582 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-28047 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-28127 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29214 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-31068 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-31157 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36293 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37020 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39279 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39355 https://nvd.nist.gov/vuln/detail/CVE-2023-34440 https://nvd.nist.gov/vuln/detail/CVE-2023-43758 https://nvd.nist.gov/vuln/detail/CVE-2024-24582 https://nvd.nist.gov/vuln/detail/CVE-2024-28047 https://nvd.nist.gov/vuln/detail/CVE-2024-28127 https://nvd.nist.gov/vuln/detail/CVE-2024-29214 https://nvd.nist.gov/vuln/detail/CVE-2024-31068 https://nvd.nist.gov/vuln/detail/CVE-2024-31157 https://nvd.nist.gov/vuln/detail/CVE-2024-36293 https://nvd.nist.gov/vuln/detail/CVE-2024-37020 https://nvd.nist.gov/vuln/detail/CVE-2024-39279 https://nvd.nist.gov/vuln/detail/CVE-2024-39355 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 microcode_ctl-20250211-1.oe2003sp4.src.rpm microcode_ctl-20250211-1.oe2203sp3.src.rpm microcode_ctl-20250211-1.oe2203sp4.src.rpm microcode_ctl-20250211-1.oe2403.src.rpm microcode_ctl-20250211-1.oe2403sp1.src.rpm microcode_ctl-20250211-1.oe2003sp4.x86_64.rpm microcode_ctl-20250211-1.oe2203sp3.x86_64.rpm microcode_ctl-20250211-1.oe2203sp4.x86_64.rpm microcode_ctl-20250211-1.oe2403.x86_64.rpm microcode_ctl-20250211-1.oe2403sp1.x86_64.rpm Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2025-02-21 CVE-2023-34440 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 High 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. 2025-02-21 CVE-2023-43758 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 High 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access. 2025-02-21 CVE-2024-24582 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 High 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. 2025-02-21 CVE-2024-28047 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.3 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2025-02-21 CVE-2024-28127 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 High 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2025-02-21 CVE-2024-29214 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 High 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access. 2025-02-21 CVE-2024-31068 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.3 AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. 2025-02-21 CVE-2024-31157 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.3 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. 2025-02-21 CVE-2024-36293 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. 2025-02-21 CVE-2024-37020 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Low 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access. 2025-02-21 CVE-2024-39279 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171 Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. 2025-02-21 CVE-2024-39355 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H microcode_ctl security update 2025-02-21 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1171