SUSE-SU-2025:01651-2: moderate: Security update for ucode-intel

SLE-SECURITY-UPDATES null at suse.de
Thu May 29 12:30:31 UTC 2025 


# Security update for ucode-intel

Announcement ID: SUSE-SU-2025:01651-2  
Release Date: 2025-05-29T09:40:22Z  
Rating: moderate  
References:

  * bsc#1243123

  
Cross-References:

  * CVE-2024-28956
  * CVE-2024-43420
  * CVE-2024-45332
  * CVE-2025-20012
  * CVE-2025-20054
  * CVE-2025-20103
  * CVE-2025-20623
  * CVE-2025-24495

  
CVSS scores:

  * CVE-2024-28956 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-28956 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-28956 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-28956 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-43420 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-43420 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-43420 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-43420 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-45332 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-45332 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-45332 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-45332 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-20012 ( SUSE ):  4.1
    CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-20012 ( SUSE ):  4.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-20012 ( NVD ):  4.1
    CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-20012 ( NVD ):  4.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-20054 ( NVD ):  6.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-20054 ( NVD ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2025-20103 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-20103 ( NVD ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2025-20623 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-20623 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-20623 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-20623 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-24495 ( SUSE ):  6.8
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
  * CVE-2025-24495 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-24495 ( NVD ):  6.8
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-24495 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

  
Affected Products:

  * Basesystem Module 15-SP7
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

  
  
An update that solves eight vulnerabilities can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

Intel CPU Microcode was updated to the 20250512 release (bsc#1243123)

  * CVE-2024-28956: Exposure of Sensitive Information in Shared
    Microarchitectural Structures during Transient Execution for some Intel
    Processors may allow an authenticated user to potentially enable information
    disclosure via local access.
  * CVE-2025-20103: Insufficient resource pool in the core management mechanism
    for some Intel Processors may allow an authenticated user to potentially
    enable denial of service via local access.
  * CVE-2025-20054: Uncaught exception in the core management mechanism for some
    Intel Processors may allow an authenticated user to potentially enable
    denial of service via local access.
  * CVE-2024-43420: Exposure of sensitive information caused by shared
    microarchitectural predictor state that influences transient execution for
    some Intel Atom processors may allow an authenticated user to potentially
    enable information disclosure via local access.
  * CVE-2025-20623: Exposure of sensitive information caused by shared
    microarchitectural predictor state that influences transient execution for
    some Intel Core processors (10th Generation) may allow an authenticated user
    to potentially enable information disclosure via local access.
  * CVE-2024-45332: Exposure of sensitive information caused by shared
    microarchitectural predictor state that influences transient execution in
    the indirect branch predictors for some Intel Processors may allow an
    authenticated user to potentially enable information disclosure via local
    access.
  * CVE-2025-24495: Incorrect initialization of resource in the branch
    prediction unit for some Intel Core Ultra Processors may allow an
    authenticated user to potentially enable information disclosure via local
    access.
  * CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra
    Processors may allow an unauthenticated user to potentially enable
    information disclosure via physical access.
  * Updates for functional issues.

  * New Platforms

Processor Stepping F-M-S/PI Old Ver New Ver Products  
ARL-U A1 06-b5-00/80 0000000a Core Ultra Processor (Series2)  
ARL-S/HX (8P) B0 06-c6-02/82 00000118 Core Ultra Processor (Series2)  
ARL-H A1 06-c5-02/82 00000118 Core Ultra Processor (Series2)  
GNR-AP/SP B0 06-ad-01/95 010003a2 Xeon Scalable Gen6  
GNR-AP/SP H0 06-ad-01/20 0a0000d1 Xeon Scalable Gen6  
LNL B0 06-bd-01/80 0000011f Core Ultra 200 V Series Processor  
  
  * Updated Platforms

Processor Stepping F-M-S/PI Old Ver New Ver Products  
ADL C0 06-97-02/07 00000038 0000003a Core Gen12  
ADL H0 06-97-05/07 00000038 0000003a Core Gen12  
ADL L0 06-9a-03/80 00000436 00000437 Core Gen12  
ADL R0 06-9a-04/80 00000436 00000437 Core Gen12  
ADL-N N0 06-be-00/19 0000001c 0000001d Core i3-N305/N300, N50/N97/N100/N200,
Atom x7211E/x7213E/x7425E  
AML-Y42 V0 06-8e-0c/94 000000fc 00000100 Core Gen10 Mobile  
AZB A0/R0 06-9a-04/40 00000009 0000000a Intel(R) Atom(R) C1100  
CFL-H R0 06-9e-0d/22 00000102 00000104 Core Gen9 Mobile  
CLX-SP B1 06-55-07/bf 05003707 05003901 Xeon Scalable Gen2  
CML-H R1 06-a5-02/20 000000fc 00000100 Core Gen10 Mobile  
CML-S102 Q0 06-a5-05/22 000000fc 00000100 Core Gen10  
CML-S62 G1 06-a5-03/22 000000fc 00000100 Core Gen10  
CML-U42 V0 06-8e-0c/94 000000fc 00000100 Core Gen10 Mobile  
CML-U62 V1 A0 06-a6-00/80 000000fe 00000102 Core Gen10 Mobile  
CML-U62 V2 K1 06-a6-01/80 000000fc 00000100 Core Gen10 Mobile  
CML-Y42 V0 06-8e-0c/94 000000fc 00000100 Core Gen10 Mobile  
CPX-SP A1 06-55-0b/bf 07002904 07002b01 Xeon Scalable Gen3  
EMR-SP A1 06-cf-02/87 21000291 210002a9 Xeon Scalable Gen5  
GLK-R R0 06-7a-08/01 00000024 00000026 Pentium J5040/N5030, Celeron
J4125/J4025/N4020/N4120  
ICL-D B0 06-6c-01/10 010002c0 010002d0 Xeon D-17xx, D-27xx  
ICL-U/Y D1 06-7e-05/80 000000c6 000000ca Core Gen10 Mobile  
ICX-SP Dx/M1 06-6a-06/87 0d0003f5 0d000404 Xeon Scalable Gen3  
MTL C0 06-aa-04/e6 00000020 00000024 Core Ultra Processor  
RKL-S B0 06-a7-01/02 00000063 00000064 Core Gen11  
RPL-E/HX/S B0 06-b7-01/32 0000012c 0000012f Core Gen13/Gen14  
RPL-H/P/PX 6+8 J0 06-ba-02/e0 00004124 00004128 Core Gen13  
RPL-HX/S C0 06-bf-02/07 00000038 0000003a Core Gen13/Gen14  
RPL-S H0 06-bf-05/07 00000038 0000003a Core Gen13/Gen14  
RPL-U 2+8 Q0 06-ba-03/e0 00004124 00004128 Core Gen13  
SPR-HBM Bx 06-8f-08/10 2c0003e0 2c0003f7 Xeon Max  
SPR-SP E4/S2 06-8f-07/87 2b000620 2b000639 Xeon Scalable Gen4  
SPR-SP E5/S3 06-8f-08/87 2b000620 2b000639 Xeon Scalable Gen4  
SRF-SP C0 06-af-03/01 03000330 03000341 Xeon 6700-Series Processors with E-Cores  
TGL B0/B1 06-8c-01/80 000000b8 000000bc Core Gen11 Mobile  
TGL-H R0 06-8d-01/c2 00000052 00000056 Core Gen11 Mobile  
TGL-R C0 06-8c-02/c2 00000038 0000003c Core Gen11 Mobile  
TWL N0 06-be-00/19 0000001c 0000001d Core i3-N305/N300, N50/N97/N100/N200, Atom
x7211E/x7213E/x7425E  
WHL-U V0 06-8e-0c/94 000000fc 00000100 Core Gen8 Mobile  
  
## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * Basesystem Module 15-SP7  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-1651=1

## Package List:

  * Basesystem Module 15-SP7 (x86_64)
    * ucode-intel-20250512-150200.56.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-28956.html
  * https://www.suse.com/security/cve/CVE-2024-43420.html
  * https://www.suse.com/security/cve/CVE-2024-45332.html
  * https://www.suse.com/security/cve/CVE-2025-20012.html
  * https://www.suse.com/security/cve/CVE-2025-20054.html
  * https://www.suse.com/security/cve/CVE-2025-20103.html
  * https://www.suse.com/security/cve/CVE-2025-20623.html
  * https://www.suse.com/security/cve/CVE-2025-24495.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1243123

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250529/cf973aab/attachment.htm>

More information about the sle-security-updates mailing list