Lector de Feeds

Publication date: 11 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-41244 Description It was discovered that open-vm-tools contains a local privilege escalation vulnerability. A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability to escalate privileges to root on the same VM (CVE-2025-41244). References

• https://bugs.mageia.org/show_bug.cgi?id=34641
• https://www.openwall.com/lists/oss-security/2025/09/29/10
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244

SRPMS 9/core

• open-vm-tools-12.3.5-2.2.mga9

Publication date: 11 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description When Qarte is started, the Arte TV window is blank. This update fixes the reported issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34654
• https://bugs.launchpad.net/qarte/+bug/2121947

SRPMS 9/core

• qarte-5.13.0-1.mga9

Publication date: 10 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-20109 , CVE-2025-22840 , CVE-2025-22839 , CVE-2025-20053 , CVE-2025-24305 , CVE-2025-21090 , CVE-2025-26403 , CVE-2025-32086 Description The updated package updates AMD cpu microcode for processor family 19h, adds AMD cpu microcode for processor family 1ah and fixes security vulnerabilities for Intel processors: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20109) Sequence of processor instructions leads to unexpected behavior for some Intel® Xeon® 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-22840) Insufficient granularity of access control in the OOB-MSM for some Intel® Xeon® 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. (CVE-2025-22839) Improper handling of overlap between protected memory ranges for some Intel® Xeon® 6 processor with Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-22889) Improper buffer restrictions for some Intel® Xeon® Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-20053) Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel® Xeon® processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-24305) Missing reference to active allocated resource for some Intel® Xeon® processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-21090) Out-of-bounds write in the memory subsystem for some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-26403) Improperly implemented security check for standard in the DDRIO configuration for some Intel® Xeon® 6 Processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-32086) References

• https://bugs.mageia.org/show_bug.cgi?id=34629
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20109
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22840
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22839
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20053
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24305
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21090
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26403
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32086

SRPMS 9/nonfree

• microcode-0.20250812-1.mga9.nonfree