{"schema_version":"1.7.2","id":"OESA-2025-1528","modified":"2025-05-16T13:25:15Z","published":"2025-05-16T13:25:15Z","upstream":["CVE-2024-28956","CVE-2024-43420","CVE-2024-45332","CVE-2025-20012","CVE-2025-20054","CVE-2025-20103","CVE-2025-20623","CVE-2025-24495"],"summary":"microcode_ctl security update","details":"This is a tool to transform and deploy microcode update for x86 CPUs.\r\n\r\nSecurity Fix(es):\n\nExposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-28956)\n\nExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-43420)\n\nExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2024-45332)\n\nIncorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.(CVE-2025-20012)\n\nUncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20054)\n\nInsufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-20103)\n\nExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-20623)\n\nIncorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2025-24495)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"microcode_ctl","purl":"pkg:rpm/openEuler/microcode_ctl\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20250512-1.oe2003sp4"}]}],"ecosystem_specific":{"src":["microcode_ctl-20250512-1.oe2003sp4.src.rpm"],"x86_64":["microcode_ctl-20250512-1.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"microcode_ctl","purl":"pkg:rpm/openEuler/microcode_ctl\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20250512-1.oe2203sp3"}]}],"ecosystem_specific":{"src":["microcode_ctl-20250512-1.oe2203sp3.src.rpm"],"x86_64":["microcode_ctl-20250512-1.oe2203sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"microcode_ctl","purl":"pkg:rpm/openEuler/microcode_ctl\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20250512-1.oe2203sp4"}]}],"ecosystem_specific":{"src":["microcode_ctl-20250512-1.oe2203sp4.src.rpm"],"x86_64":["microcode_ctl-20250512-1.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"microcode_ctl","purl":"pkg:rpm/openEuler/microcode_ctl\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20250512-1.oe2403sp1"}]}],"ecosystem_specific":{"src":["microcode_ctl-20250512-1.oe2403.src.rpm","microcode_ctl-20250512-1.oe2403sp1.src.rpm"],"x86_64":["microcode_ctl-20250512-1.oe2403.x86_64.rpm","microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"microcode_ctl","purl":"pkg:rpm/openEuler/microcode_ctl\u0026distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20250512-1.oe2403sp1"}]}],"ecosystem_specific":{"src":["microcode_ctl-20250512-1.oe2403sp1.src.rpm"],"x86_64":["microcode_ctl-20250512-1.oe2403sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1528"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28956"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43420"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45332"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20012"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20054"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20103"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-20623"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24495"}],"database_specific":{"severity":"Medium"}}