An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1528 Final 1.0 1.0 2025-05-16 Initial 2025-05-16 2025-05-16 openEuler SA Tool V1.0 2025-05-16 microcode_ctl security update An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 This is a tool to transform and deploy microcode update for x86 CPUs. Security Fix(es): Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-28956) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-43420) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-45332) Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.(CVE-2025-20012) Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20054) Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20103) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-20623) Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-24495) An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium microcode_ctl https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-28956 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43420 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-45332 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20012 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20054 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20103 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20623 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-24495 https://nvd.nist.gov/vuln/detail/CVE-2024-28956 https://nvd.nist.gov/vuln/detail/CVE-2024-43420 https://nvd.nist.gov/vuln/detail/CVE-2024-45332 https://nvd.nist.gov/vuln/detail/CVE-2025-20012 https://nvd.nist.gov/vuln/detail/CVE-2025-20054 https://nvd.nist.gov/vuln/detail/CVE-2025-20103 https://nvd.nist.gov/vuln/detail/CVE-2025-20623 https://nvd.nist.gov/vuln/detail/CVE-2025-24495 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 microcode_ctl-20250512-1.oe2003sp4.src.rpm microcode_ctl-20250512-1.oe2203sp3.src.rpm microcode_ctl-20250512-1.oe2203sp4.src.rpm microcode_ctl-20250512-1.oe2403.src.rpm microcode_ctl-20250512-1.oe2403sp1.src.rpm microcode_ctl-20250512-1.oe2003sp4.x86_64.rpm microcode_ctl-20250512-1.oe2203sp3.x86_64.rpm microcode_ctl-20250512-1.oe2203sp4.x86_64.rpm microcode_ctl-20250512-1.oe2403.x86_64.rpm microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2025-05-16 CVE-2024-28956 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access. 2025-05-16 CVE-2024-43420 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2025-05-16 CVE-2024-45332 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. 2025-05-16 CVE-2025-20012 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 4.9 AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. 2025-05-16 CVE-2025-20054 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. 2025-05-16 CVE-2025-20103 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. 2025-05-16 CVE-2025-20623 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528 Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. 2025-05-16 CVE-2025-24495 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N microcode_ctl security update 2025-05-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528