USN-7866-1: Intel Microcode vulnerabilities

https://ubuntu.com/security/notices/rss.xml / Tue, 11/11/2025 - 01:47

Barak Gross discovered that some Intel® Xeon® processors with SGX enabled did not properly handle buffer restrictions. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-20053) Avinash Maddy discovered that some Intel® processors did not properly isolate or compartmentalize the stream cache mechanisms. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-20109) Joseph Nuzman discovered that some Intel® Xeon® processors did not properly manage references to active allocate resources. A local authenticated user could potentially use this issue to cause a denial of service (system crash). (CVE-2025-21090) It was discovered that some Intel® Xeon® 6 processors did not properly provide sufficient granularity of access control in the out of band management service module (OOB-MSM). An authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22839) It was discovered that some Intel® Xeon® 6 Scalable processors did not properly handle a specific sequence of processor instructions, leading to unexpected behavior. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22840) Joseph Nuzman discovered that some Intel® Xeon® 6 processors with Intel® Trust Domain Extensions (Intel® TDX) did not properly handle overlap between protected memory ranges. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-22889) Avraham Shalev discovered that some Intel® Xeon® processors did not properly provide sufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-24305) Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX did not properly protect against out-of-bounds writes in the memory subsystem. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-26403) Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX did not properly implement security checks in the DDRIO configuration. A local authenticated user could potentially use this issue to escalate their privileges. (CVE-2025-32086)

About

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions. KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.

USN-7866-1: Intel Microcode vulnerabilities

Categories

Recent Posts

CVE-2025-13748 - Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id

CVE-2025-13894 - CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting

CVE-2025-13309 - Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.0 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings

About