Bug 58746 - intel-microcode: Multiple issues (5.2)
Summary: intel-microcode: Multiple issues (5.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.2
Hardware: All Linux
: P3 normal
Target Milestone: UCS 5.2-3-errata
Assignee: Quality Assurance
QA Contact: Dirk Wiesenthal
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-10-27 12:12 CET by Quality Assurance
Modified: 2025-10-29 16:43 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 7.9 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) NVD

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2025-10-27 12:12:46 CET 
New Debian intel-microcode 3.20250812.1~deb12u1 fixes:
This update addresses the following issues:
3.20250812.1~deb12u1 (Sat, 18 Oct 2025 17:20:18 -0300)
* Backport to bookworm-security
* debian/rules: revert use of /usr/lib/firmware for deb12
3.20250812.1 (Sat, 13 Sep 2025 18:30:55 -0300)
[ Henrique de Moraes Holschuh ]
* New upstream microcode datafile 20250812, #1112168) - Mitgations for  INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation  or Compartmentalization in the stream cache mechanism for some Intel  Processors may allow an authenticated user to potentially enable escalation  of privilege via local access. Intel also disclosed that several processors  models had already received this mitigation on the previous microcode  release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840:  Sequence of processor instructions leads to unexpected behavior for some  Intel Xeon 6 Scalable processors may allow an authenticated user to  potentially enable escalation of privilege via local access. - Mitigations  for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient  granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable  processors may allow a privileged user to potentially enable escalation of  privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel  TDX): CVE-2025-22889: Improper handling of overlap between protected memory  ranges for some Intel Xeon 6 processors with Intel TDX may allow a  privileged user to potentially enable escalation of privilege via local  access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer  restrictions for some Intel Xeon Processor firmware with SGX enabled may  allow a privileged user to potentially enable escalation of privilege via  local access. CVE-2025-21090: Missing reference to active allocated  resource for some Intel Xeon processors may allow an authenticated user to  potentially enable denial of service via local access. CVE-2025-24305:  Insufficient control flow management in the Alias Checking Trusted Module  (ACTM) firmware for some Intel Xeon processors may allow a privileged user  to potentially enable escalation of privilege via local access. -  Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403:  Out-of-bounds write in the memory subsystem for some Intel Xeon 6  processors when using Intel SGX or Intel TDX may allow a privileged user to  potentially enable escalation of privilege via local access.  CVE-2025-32086: Improperly implemented security check for standard in the  DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX  or Intel TDX may allow a privileged user to potentially enable escalation  of privilege via local access. - Fixes for unspecified functional issues on  several Intel Core and Intel Xeon processor models.
* Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev  0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev  0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev  0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev  0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig  0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4,  pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10,  2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10,  2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev  0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig  0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig  0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig  0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig  0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig  0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig  0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask  0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev  0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119,  size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig  0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask  0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev  0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev  0x210002b3
* update entry for 3.20250512.1 with new information
* source: update symlinks to reflect id of the latest release, 20250812
[ Ben Hutchings ]
* debian/tests/initramfs: Update to work with forky's initramfs-tools. In  version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer  create early/ and main/ subdirectories. Update the microcode file check to  work with both old and new behaviours.
Comment 1 Quality Assurance univentionstaff 2025-10-27 13:00:14 CET 
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20250512.1~deb12u1.dsc
+++ apt/ucs_5.2-0-errata5.2-3/source/intel-microcode_3.20250812.1~deb12u1.dsc
@@ -1,3 +1,91 @@
+3.20250812.1~deb12u1 [Sat, 18 Oct 2025 17:20:18 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Backport to bookworm-security
+  * debian/rules: revert use of /usr/lib/firmware for deb12
+
+3.20250812.1 [Sat, 13 Sep 2025 18:30:55 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  [ Henrique de Moraes Holschuh ]
+  * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
+    - Mitgations for INTEL-SA-01249 (processor Stream Cache):
+      CVE-2025-20109: Improper Isolation or Compartmentalization in the
+      stream cache mechanism for some Intel Processors may allow an
+      authenticated user to potentially enable escalation of privilege via
+      local access.  Intel also disclosed that several processors models
+      had already received this mitigation on the previous microcode
+      release, 20250512.
+    - Mitigations for INTEL-SA-01308:
+      CVE-2025-22840: Sequence of processor instructions leads to
+      unexpected behavior for some Intel Xeon 6 Scalable processors may
+      allow an authenticated user to potentially enable escalation of
+      privilege via local access.
+    - Mitigations for INTEL-SA-01310 (OOBM services module):
+      CVE-2025-22839: Insufficient granularity of access control in the
+      OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
+      privileged user to potentially enable escalation of privilege via
+      adjacent access.
+    - Mitigations for INTEL-SA-01311 (Intel TDX):
+      CVE-2025-22889: Improper handling of overlap between protected
+      memory ranges for some Intel Xeon 6 processors with Intel TDX may
+      allow a privileged user to potentially enable escalation of
+      privilege via local access.
+    - Mitigations for INTEL-SA-01313:
+      CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
+      Processor firmware with SGX enabled may allow a privileged user to
+      potentially enable escalation of privilege via local access.
+      CVE-2025-21090: Missing reference to active allocated resource for
+      some Intel Xeon processors may allow an authenticated user to
+      potentially enable denial of service via local access.
+      CVE-2025-24305: Insufficient control flow management in the Alias
+      Checking Trusted Module (ACTM) firmware for some Intel Xeon
+      processors may allow a privileged user to potentially enable
+      escalation of privilege via local access.
+    - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
+      CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
+      Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
+      a privileged user to potentially enable escalation of privilege via
+      local access.
+      CVE-2025-32086: Improperly implemented security check for standard
+      in the DDRIO configuration for some Intel Xeon 6 Processors when
+      using Intel SGX or Intel TDX may allow a privileged user to
+      potentially enable escalation of privilege via local access.
+    - Fixes for unspecified functional issues on several Intel Core and
+      Intel Xeon processor models.
+  * Updated microcodes:
+    sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
+    sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
+    sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
+    sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
+    sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
+    sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
+    sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
+    sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
+    sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
+    sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
+    sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
+    sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
+    sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
+    sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
+    sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
+    sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
+    sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
+    sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
+    sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
+    sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
+    sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
+    sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
+    sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
+    sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
+    sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
+  * update entry for 3.20250512.1 with new information
+  * source: update symlinks to reflect id of the latest release, 20250812
+
+  [ Ben Hutchings ]
+  * debian/tests/initramfs: Update to work with forky's initramfs-tools.
+    In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
+    longer create early/ and main/ subdirectories.  Update the microcode
+    file check to work with both old and new behaviours.
+
 3.20250512.1~deb12u1 [Sun, 18 May 2025 20:06:42 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
 
   * Backport to bookworm-security
@@ -43,6 +131,12 @@
       firmware update, but according to Intel it should be effective when
       loaded by the operating system if the system firmware has revision
       0x12e.
+    - Mitgations for INTEL-SA-01249 (processor Stream Cache):
+      CVE-2025-20109: Improper Isolation or Compartmentalization in the
+      stream cache mechanism for some Intel Processors may allow an
+      authenticated user to potentially enable escalation of privilege via
+      local access.  This information was disclosed by Intel for release
+      20250812.
     - Fixes for unspecified functional issues on several processor models
   * New microcodes or new extended signatures:
     sig 0x000a06d1, pf_mask 0x95, 2025-02-07, rev 0x10003a2, size 1664000

<http://piuparts.knut.univention.de/5.2-3/#8438771257651212073>
Comment 2 Dirk Wiesenthal univentionstaff 2025-10-29 13:55:39 CET 
OK: bug
OK: yaml
OK: piuparts