{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "intel-microcode" ] } }, "diff": { "deb": [ { "name": "intel-microcode", "from_version": { "source_package_name": "intel-microcode", "source_package_version": "3.20250512.0ubuntu0.24.04.1", "version": "3.20250512.0ubuntu0.24.04.1" }, "to_version": { "source_package_name": "intel-microcode", "source_package_version": "3.20250812.0ubuntu0.24.04.1", "version": "3.20250812.0ubuntu0.24.04.1" }, "cves": [ { "cve": "CVE-2025-20109", "url": "https://ubuntu.com/security/CVE-2025-20109", "cve_description": "Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22840", "url": "https://ubuntu.com/security/CVE-2025-22840", "cve_description": "Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22839", "url": "https://ubuntu.com/security/CVE-2025-22839", "cve_description": "Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22889", "url": "https://ubuntu.com/security/CVE-2025-22889", "cve_description": "Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-21090", "url": "https://ubuntu.com/security/CVE-2025-21090", "cve_description": "Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-20053", "url": "https://ubuntu.com/security/CVE-2025-20053", "cve_description": "Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-24305", "url": "https://ubuntu.com/security/CVE-2025-24305", "cve_description": "Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-26403", "url": "https://ubuntu.com/security/CVE-2025-26403", "cve_description": "Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-32086", "url": "https://ubuntu.com/security/CVE-2025-32086", "cve_description": "Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-20109", "url": "https://ubuntu.com/security/CVE-2025-20109", "cve_description": "Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22840", "url": "https://ubuntu.com/security/CVE-2025-22840", "cve_description": "Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22839", "url": "https://ubuntu.com/security/CVE-2025-22839", "cve_description": "Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22889", "url": "https://ubuntu.com/security/CVE-2025-22889", "cve_description": "Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-21090", "url": "https://ubuntu.com/security/CVE-2025-21090", "cve_description": "Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-20053", "url": "https://ubuntu.com/security/CVE-2025-20053", "cve_description": "Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-24305", "url": "https://ubuntu.com/security/CVE-2025-24305", "cve_description": "Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-26403", "url": "https://ubuntu.com/security/CVE-2025-26403", "cve_description": "Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-32086", "url": "https://ubuntu.com/security/CVE-2025-32086", "cve_description": "Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: New upstream microcode datafile 20250812", " - Updated microcodes:", " sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248", " sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056", " sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288", " sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400", " sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072", " sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880", " sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256", " sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256", " sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256", " sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896", " sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224", " sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224", " - CVE-2025-20109 (INTEL-SA-01249)", " - CVE-2025-22840 (INTEL-SA-01308)", " - CVE-2025-22839 (INTEL-SA-01310)", " - CVE-2025-22889 (INTEL-SA-01311)", " - CVE-2025-21090 (INTEL-SA-01313)", " - CVE-2025-20053 (INTEL-SA-01313)", " - CVE-2025-24305 (INTEL-SA-01313)", " - CVE-2025-26403 (INTEL-SA-01367)", " - CVE-2025-32086 (INTEL-SA-01367) ", "" ], "package": "intel-microcode", "version": "3.20250812.0ubuntu0.24.04.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Rodrigo Figueiredo Zaiden ", "date": "Tue, 28 Oct 2025 15:28:49 -0300" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20251031 to 20251111", "from_series": "noble", "to_series": "noble", "from_serial": "20251031", "to_serial": "20251111", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }