{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Update Intel CPU microcode to 20250812, addresses: CVE-2024-28047,\n CVE-2024-31157, CVE-2024-39279, CVE-2024-28956, CVE-2024-43420,\n CVE-2024-45332, CVE-2025-24495, CVE-2025-20623, CVE-2025-20012\n - Addition of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at\n revision 0x2c000401;\n - Addition of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at\n revision 0x2b000643;\n - Addition of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat)\n at revision 0x3a;\n - Addition of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in\n microcode.dat) at revision 0x437;\n - Addition of cpuid:A06D1/0x20 (GNR-AP/SP H0) microcode (in microcode.dat) at\n revision 0xa000100;\n - Addition of cpuid:A06D1/0x95 (GNR-AP/SP B0) microcode (in microcode.dat) at\n revision 0x10003d0;\n - Addition of cpuid:B0650/0x80 (ARL-U A1) microcode (in microcode.dat) at\n revision 0xa;\n - Addition of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at\n revision 0x12f;\n - Addition of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in\n microcode.dat) at revision 0x4129;\n - Addition of cpuid:B06D1/0x80 (LNL B0) microcode (in microcode.dat) at\n revision 0x123;\n - Addition of cpuid:C0652/0x82 (ARL-H A1) microcode (in microcode.dat) at\n revision 0x119;\n - Addition of cpuid:C0662/0x82 (ARL-HX 8P/S B0) microcode (in microcode.dat)\n at revision 0x119;\n - Addition of cpuid:C0664/0x82 microcode (in microcode.dat) at revision\n 0x119;\n - Addition of cpuid:C06A2/0x82 microcode (in microcode.dat) at revision\n 0x119;\n - Addition of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at\n revision 0x210002b3;\n - Removal of cpuid:50656/0xbf (CLX-SP B0) microcode (in microcode.dat) at\n revision 0x4003605;\n - Removal of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at\n revision 0x2c0003e0;\n - Removal of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at\n revision 0x2b000620;\n - Removal of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat)\n at revision 0x38;\n - Removal of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in\n microcode.dat) at revision 0x436;\n - Removal of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at\n revision 0x12c;\n - Removal of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in\n microcode.dat) at revision 0x4124;\n - Removal of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) at\n revision 0x21000291;\n - Removal of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at\n revision 0x21000291;\n - Update of cpuid:50657/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat)\n from revision 0x5003707 up to 0x5003901;\n - Update of cpuid:5065B/0xbf (CPX-SP A1) microcode (in microcode.dat) from\n revision 0x7002904 up to 0x7002b01;\n - Update of cpuid:606A6/0x87 (ICX-SP D0) microcode (in microcode.dat) from\n revision 0xd0003f5 up to 0xd000410;\n - Update of cpuid:606C1/0x10 (ICL-D B0) microcode (in microcode.dat) from\n revision 0x10002c0 up to 0x10002e0;\n - Update of cpuid:706A8/0x01 (GLK-R R0) microcode (in microcode.dat) from\n revision 0x24 up to 0x26;\n - Update of cpuid:706E5/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from\n revision 0xc6 up to 0xca;\n - Update of cpuid:806C1/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat)\n from revision 0xb8 up to 0xbc;\n - Update of cpuid:806C2/0xc2 (TGL-R C0) microcode (in microcode.dat) from\n revision 0x38 up to 0x3c;\n - Update of cpuid:806D1/0xc2 (TGL-H R0) microcode (in microcode.dat) from\n revision 0x52 up to 0x56;\n - Update of cpuid:806EC/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode\n (in microcode.dat) from revision 0xfc up to 0x100;\n - Update of cpuid:806F4/0x10 microcode (in microcode.dat) from revision\n 0x2c0003e0 up to 0x2c000401;\n - Update of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) from\n revision 0x2b000620 up to 0x2b000643;\n - Update of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) from\n revision 0x2c0003e0 up to 0x2c000401;\n - Update of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) from\n revision 0x2b000620 up to 0x2b000643;\n - Update of cpuid:806F6/0x10 microcode (in microcode.dat) from revision\n 0x2c0003e0 up to 0x2c000401;\n - Update of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) from\n revision 0x2b000620 up to 0x2b000643;\n - Update of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) from\n revision 0x2b000620 up to 0x2b000643;\n - Update of cpuid:90675/0x07 (ADL-S 6+0 K0) microcode (in microcode.dat) from\n revision 0x38 up to 0x3a;\n - Update of cpuid:906A4/0x40 (AZB A0) microcode (in microcode.dat) from\n revision 0x9 up to 0xa;\n - Update of cpuid:906A4/0x80 (ADL-P 2+8 R0) microcode (in microcode.dat) from\n revision 0x436 up to 0x437;\n - Update of cpuid:906ED/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat)\n from revision 0x102 up to 0x104;\n - Update of cpuid:A0652/0x20 (CML-H R1) microcode (in microcode.dat) from\n revision 0xfc up to 0x100;\n - Update of cpuid:A0653/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) from\n revision 0xfc up to 0x100;\n - Update of cpuid:A0655/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat)\n from revision 0xfc up to 0x100;\n - Update of cpuid:A0660/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from\n revision 0xfe up to 0x102;\n - Update of cpuid:A0661/0x80 (CML-U 6+2 v2 K1) microcode (in microcode.dat)\n from revision 0xfc up to 0x100;\n - Update of cpuid:A0671/0x02 (RKL-S B0) microcode (in microcode.dat) from\n revision 0x63 up to 0x64;\n - Update of cpuid:A06A4/0xe6 (MTL-H/U C0) microcode (in microcode.dat) from\n revision 0x20 up to 0x25;\n - Update of cpuid:A06F3/0x01 (SRF-SP C0) microcode (in microcode.dat) from\n revision 0x3000330 up to 0x3000362;\n - Update of cpuid:B0674/0x32 microcode (in microcode.dat) from revision 0x12c\n up to 0x12f;\n - Update of cpuid:B06A3/0xe0 (RPL-U 2+8 Q0) microcode (in microcode.dat) from\n revision 0x4124 up to 0x4129;\n - Update of cpuid:B06A8/0xe0 microcode (in microcode.dat) from revision\n 0x4124 up to 0x4129;\n - Update of cpuid:B06E0/0x19 (ADL-N A0) microcode (in microcode.dat) from\n revision 0x1c up to 0x1d;\n - Update of cpuid:B06F2/0x07 (ADL C0) microcode (in microcode.dat) from\n revision 0x38 up to 0x3a;\n - Update of cpuid:B06F5/0x07 (ADL C0) microcode (in microcode.dat) from\n revision 0x38 up to 0x3a;\n - Update of cpuid:B06F6/0x07 microcode (in microcode.dat) from revision 0x38\n up to 0x3a;\n - Update of cpuid:B06F7/0x07 microcode (in microcode.dat) from revision 0x38\n up to 0x3a;\n - Update of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) from\n revision 0x21000291 up to 0x210002b3;", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1757692837.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "tracking": { "current_release_date": "2026-02-16T09:37:50Z", "generator": { "date": "2026-02-16T09:37:50Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1757692837", "initial_release_date": "2025-09-12T16:01:50Z", "revision_history": [ { "date": "2025-09-12T16:01:50Z", "number": "1", "summary": "Initial version" }, { "date": "2026-02-16T09:37:50Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "microcode_ctl: Fix of 9 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch", "product": { "name": "microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch", "product_id": "microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/microcode_ctl@20220809-2.20250812.1.el9_2.tuxcare.els1?arch=noarch&epoch=4" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" }, "product_reference": "microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-31157", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "notes": [ { "category": "description", "text": "Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-31157" } ], "release_date": "2025-02-12T21:19:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-20012", "cwe": { "id": "CWE-696", "name": "Incorrect Behavior Order" }, "notes": [ { "category": "description", "text": "Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-20012" } ], "release_date": "2025-05-13T21:01:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-45332", "cwe": { "id": "CWE-1423", "name": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution" }, "notes": [ { "category": "description", "text": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-45332" } ], "release_date": "2025-05-13T21:03:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-39279", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "notes": [ { "category": "description", "text": "Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-39279" } ], "release_date": "2025-02-12T21:19:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-28956", "cwe": { "id": "CWE-1421", "name": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution" }, "notes": [ { "category": "description", "text": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-28956" } ], "release_date": "2025-05-13T21:02:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-43420", "cwe": { "id": "CWE-1423", "name": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution" }, "notes": [ { "category": "description", "text": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-43420" } ], "release_date": "2025-05-13T21:03:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-20623", "cwe": { "id": "CWE-1423", "name": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution" }, "notes": [ { "category": "description", "text": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-20623" } ], "release_date": "2025-05-13T21:02:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-28047", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-28047" } ], "release_date": "2025-02-12T21:19:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-24495", "cwe": { "id": "CWE-1419", "name": "Incorrect Initialization of Resource" }, "notes": [ { "category": "description", "text": "Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-24495" } ], "release_date": "2025-05-13T21:02:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-12T16:00:39.912018Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837", "product_ids": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757692837" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:microcode_ctl-4:20220809-2.20250812.1.el9_2.tuxcare.els1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }