Lector de Feeds
MGASA-2025-0160 - Updated microcode packages fix security vulnerabilities
Publication date: 23 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-28956 , CVE-2025-20103 , CVE-2025-20054 , CVE-2024-43420 , CVE-2025-20623 , CVE-2024-45332 , CVE-2025-24495 , CVE-2025-20012 Description Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-28956) Insufficient resource pool in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20103) Uncaught exception in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20054) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-43420) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel® Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-20623) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-45332) Incorrect initialization of resource in the branch prediction unit for some Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-24495) Incorrect behavior order for some Intel® Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. (CVE-2025-20012) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-28956 , CVE-2025-20103 , CVE-2025-20054 , CVE-2024-43420 , CVE-2025-20623 , CVE-2024-45332 , CVE-2025-24495 , CVE-2025-20012 Description Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-28956) Insufficient resource pool in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20103) Uncaught exception in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20054) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-43420) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel® Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-20623) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-45332) Incorrect initialization of resource in the branch prediction unit for some Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-24495) Incorrect behavior order for some Intel® Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. (CVE-2025-20012) References
- https://bugs.mageia.org/show_bug.cgi?id=34279
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43420
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20623
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24495
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20012
- microcode-0.20250512-1.mga9.nonfree
Categorías: Actualizaciones de Seguridad
