An update for microcode_ctl is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2071 Final 1.0 1.0 2025-08-22 Initial 2025-08-22 2025-08-22 openEuler SA Tool V1.0 2025-08-22 microcode_ctl security update An update for microcode_ctl is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS Security Fix(es): Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-20053) Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2025-20109) Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-21090) Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.(CVE-2025-22839) Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access(CVE-2025-22840) Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-22889) Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-24305) Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-26403) Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-32086) An update for microcode_ctl is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High microcode_ctl https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20053 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-20109 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-21090 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-22839 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-22840 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-22889 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-24305 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-26403 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32086 https://nvd.nist.gov/vuln/detail/CVE-2025-20053 https://nvd.nist.gov/vuln/detail/CVE-2025-20109 https://nvd.nist.gov/vuln/detail/CVE-2025-21090 https://nvd.nist.gov/vuln/detail/CVE-2025-22839 https://nvd.nist.gov/vuln/detail/CVE-2025-22840 https://nvd.nist.gov/vuln/detail/CVE-2025-22889 https://nvd.nist.gov/vuln/detail/CVE-2025-24305 https://nvd.nist.gov/vuln/detail/CVE-2025-26403 https://nvd.nist.gov/vuln/detail/CVE-2025-32086 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS microcode_ctl-20250812-1.oe2403sp1.x86_64.rpm microcode_ctl-20250812-1.oe2403sp2.x86_64.rpm microcode_ctl-20250812-1.oe2003sp4.x86_64.rpm microcode_ctl-20250812-1.oe2203sp3.x86_64.rpm microcode_ctl-20250812-1.oe2203sp4.x86_64.rpm microcode_ctl-20250812-1.oe2403.x86_64.rpm microcode_ctl-20250812-1.oe2403sp1.src.rpm microcode_ctl-20250812-1.oe2403sp2.src.rpm microcode_ctl-20250812-1.oe2003sp4.src.rpm microcode_ctl-20250812-1.oe2203sp3.src.rpm microcode_ctl-20250812-1.oe2203sp4.src.rpm microcode_ctl-20250812-1.oe2403.src.rpm Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. 2025-08-22 CVE-2025-20053 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.2 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 2025-08-22 CVE-2025-20109 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. 2025-08-22 CVE-2025-21090 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2025-08-22 CVE-2025-22839 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.5 AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access 2025-08-22 CVE-2025-22840 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.4 AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. 2025-08-22 CVE-2025-22889 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.9 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. 2025-08-22 CVE-2025-24305 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.2 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. 2025-08-22 CVE-2025-26403 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.2 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071 Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. 2025-08-22 CVE-2025-32086 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS High 7.2 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N microcode_ctl security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2071