SUSE-SU-2025:20286-1: important: Security update for ucode-intel
SLE-UPDATES
null at suse.de
Wed Jun 4 07:26:30 UTC 2025
# Security update for ucode-intel
Announcement ID: SUSE-SU-2025:20286-1
Release Date: 2025-03-28T13:56:24Z
Rating: important
References:
* bsc#1233313
* bsc#1237096
Cross-References:
* CVE-2024-21820
* CVE-2024-21853
* CVE-2024-23918
* CVE-2024-23984
* CVE-2024-24968
* CVE-2024-31068
* CVE-2024-36293
* CVE-2024-37020
* CVE-2024-39355
CVSS scores:
* CVE-2024-21820 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2024-21820 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2024-21820 ( NVD ): 8.5
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-21820 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2024-21853 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-21853 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-21853 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-21853 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23918 ( SUSE ): 8.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-23918 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-23918 ( NVD ): 8.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-23918 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-23984 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2024-23984 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-23984 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-23984 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-24968 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-24968 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-24968 ( NVD ): 5.6
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-24968 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-31068 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-31068 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-31068 ( NVD ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31068 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-36293 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-36293 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-36293 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-36293 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-37020 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-37020 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-37020 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-37020 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-37020 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-39355 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-39355 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-39355 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-39355 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
* SUSE Linux Micro 6.1
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for ucode-intel fixes the following issues:
* Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
* Security updates for INTEL-SA-01166
https://www.intel.com/content/www/us/en/security-center/advisory/intel-
sa-01166.html
* CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
* Security updates for INTEL-SA-01213
https://www.intel.com/content/www/us/en/security-center/advisory/intel-
sa-01213.html
* CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
* Security updates for INTEL-SA-01139
https://www.intel.com/content/www/us/en/security-center/advisory/intel-
sa-01139.html
* not clear which CVEs are fixed here, and which are in UEFI BIOS updates.
* Security updates for INTEL-SA-01228
https://www.intel.com/content/www/us/en/security-center/advisory/intel-
sa-01228.html
* CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
* Security updates for INTEL-SA-01194
https://www.intel.com/content/www/us/en/security-center/advisory/intel-
sa-01194.html
* CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
* Update for functional issues. Refer to Intel Core Ultra Processor
https://cdrdv2.intel.com/v1/dl/getContent/792254 for details.
* Refer to 13th/14th Generation Intel Core Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/740518 for details.
* Refer to 12th Generation Intel Core Processor Family
https://cdrdv2.intel.com/v1/dl/getContent/682436 for details.
* Refer to 11th Gen Intel Core Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/631123 for details.
* Refer to 8th and 9th Generation Intel Core Processor Family Spec Update
https://cdrdv2.intel.com/v1/dl/getContent/337346 for details.
* Refer to 5th Gen Intel Xeon Scalable Processors Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/793902 for details.
* Refer to 4th Gen Intel Xeon Scalable Processors Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/772415 for details.
* Refer to 3rd Generation Intel Xeon Processor Scalable Family Specification
Update https://cdrdv2.intel.com/v1/dl/getContent/637780 for details.
* Refer to Intel Xeon D-2700 Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/714071 for details.
* Refer to Intel Xeon E-2300 Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/709192 for details.
* Refer to Intel Xeon 6700-Series Processor Specification Update
https://cdrdv2.intel.com/v1/dl/getContent/820922 for details.
* Refer to Intel Processors and Intel Core i3 N-Series
https://cdrdv2.intel.com/v1/dl/getContent/764616 for details
### New Platforms
Processor Stepping F-M-S/PI Old Ver New Ver Products
SRF-SP C0 06-af-03/01 03000330 Xeon 6700-Series Processors
### Updated Platforms
Processor Stepping F-M-S/PI Old Ver New Ver Products
ADL C0 06-97-02/07 00000037 00000038 Core Gen12
ADL H0 06-97-05/07 00000037 00000038 Core Gen12
ADL L0 06-9a-03/80 00000435 00000436 Core Gen12
ADL R0 06-9a-04/80 00000435 00000436 Core Gen12
ADL-N N0 06-be-00/19 0000001a 0000001c Core i3-N305/N300, N50/N97/N100/N200,
Atom x7211E/x7213E/x7425E
AZB A0/R0 06-9a-04/40 00000007 00000009 Intel(R) Atom(R) C1100
CFL-H R0 06-9e-0d/22 00000100 00000102 Core Gen9 Mobile
CFL-H/S/E3 U0 06-9e-0a/22 000000f8 000000fa Core Gen8 Desktop, Mobile,
Xeon E
EMR-SP A0 06-cf-01/87 21000283 21000291 Xeon Scalable Gen5
EMR-SP A1 06-cf-02/87 21000283 21000291 Xeon Scalable Gen5
ICL-D B0 06-6c-01/10 010002b0 010002c0 Xeon D-17xx, D-27xx
ICX-SP Dx/M1 06-6a-06/87 0d0003e7 0d0003f5 Xeon Scalable Gen3
RPL-E/HX/S B0 06-b7-01/32 0000012b 0000012c Core Gen13/Gen14
RPL-H/P/PX 6+8 J0 06-ba-02/e0 00004123 00004124 Core Gen13
RPL-HX/S C0 06-bf-02/07 00000037 00000038 Core Gen13/Gen14
RPL-U 2+8 Q0 06-ba-03/e0 00004123 00004124 Core Gen13
RPL-S H0 06-bf-05/07 00000037 00000038 Core Gen13/Gen14
RKL-S B0 06-a7-01/02 00000062 00000063 Core Gen11
SPR-HBM Bx 06-8f-08/10 2c000390 2c0003e0 Xeon Max
SPR-SP E4/S2 06-8f-07/87 2b000603 2b000620 Xeon Scalable Gen4
SPR-SP E5/S3 06-8f-08/87 2b000603 2b000620 Xeon Scalable Gen4
TWL N0 06-be-00/19 0000001a 0000001c Core i3-N305/N300, N50/N97/N100/N200,
Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
Processor Stepping F-M-S/PI Old Ver New Ver Products
CFL-H/S P0 06-9e-0c/22 000000f6 000000f8 Core Gen9
* Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
* CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in
some 4th and 5th Generation Intel Xeon Processors may allow an authorized
user to potentially enable denial of service via local access. Security
updates for INTEL-SA-01101
* CVE-2024-23918: Improper conditions check in some Intel Xeon processor
memory controller configurations when using Intel SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
Security updates for INTEL-SA-01079
* CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor
memory controller configurations when using Intel SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
Security updates for INTEL-SA-01079
* CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in
some Intel Processors may allow an privileged user to potentially enable a
denial of service via local access. Updated security updates for INTEL-
SA-01097
* CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel
Processors may allow a privileged user to potentially enable information
disclosure via local access Updated security updates for INTEL-SA-01103
* Update for functional issues.
* Refer to Intel Core Ultra Processor for details.
* Refer to 14th/13th Generation Intel Core Processor Specification Update for
details.
* Refer to 12th Generation Intel Core Processor Family for details.
* Refer to 5th Gen Intel Xeon Scalable Processors Specification Update for
details.
* Refer to 4th Gen Intel Xeon Scalable Processors Specification Update for
details.
* Refer to 3rd Generation Intel Xeon Processor Scalable Family Specification
Update for details.
* Refer to Intel Xeon D-2700 Processor Specification Update for details.
* Refer to Intel Xeon D-1700 and D-1800 Processor Family Specification Update
for details
New Platforms:
Processor Stepping F-M-S/PI Old Ver New Ver Products
Updated Platforms:
Processor Stepping F-M-S/PI Old Ver New Ver Products
ADL C0 06-97-02/07 00000036 00000037 Core Gen12
ADL H0 06-97-05/07 00000036 00000037 Core Gen12
ADL L0 06-9a-03/80 00000434 00000435 Core Gen12
ADL R0 06-9a-04/80 00000434 00000435 Core Gen12
EMR-SP A0 06-cf-01/87 21000230 21000283 Xeon Scalable Gen5
EMR-SP A1 06-cf-02/87 21000230 21000283 Xeon Scalable Gen5
MTL C0 06-aa-04/e6 0000001f 00000020 Core™ Ultra Processor
RPL-H/P/PX 6+8 J0 06-ba-02/e0 00004122 00004123 Core Gen13
RPL-HX/S C0 06-bf-02/07 00000036 00000037 Core Gen13/Gen14
RPL-S H0 06-bf-05/07 00000036 00000037 Core Gen13/Gen14
RPL-U 2+8 Q0 06-ba-03/e0 00004122 00004123 Core Gen13
SPR-SP E3 06-8f-06/87 2b0005c0 2b000603 Xeon Scalable Gen4
SPR-SP E4/S2 06-8f-07/87 2b0005c0 2b000603 Xeon Scalable Gen4
SPR-SP E5/S3 06-8f-08/87 2b0005c0 2b000603 Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
Processor Stepping F-M-S/PI Old Ver New Ver Products
ICL-D B0 06-6c-01/10 010002b0 N/A Xeon D-17xx/D-18xx,
D-27xx/D-28xx
ICX-SP Dx/M1 06-6a-06/87 0d0003e7 N/A Xeon Scalable Gen3
* Intel CPU Microcode was updated to the 20241029 release
Update for functional issues. Refer to 14th/13th Generation Intel Core Processor
Specification Update for details.
Updated Platforms:
Processor Stepping F-M-S/PI Old Ver New Ver Products
RPL-E/HX/S B0 06-b7-01/32 00000129 0000012b Core Gen13/Gen14
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Micro 6.1
zypper in -t patch SUSE-SLE-Micro-6.1-26=1
## Package List:
* SUSE Linux Micro 6.1 (x86_64)
* ucode-intel-20250211-slfo.1.1_2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21820.html
* https://www.suse.com/security/cve/CVE-2024-21853.html
* https://www.suse.com/security/cve/CVE-2024-23918.html
* https://www.suse.com/security/cve/CVE-2024-23984.html
* https://www.suse.com/security/cve/CVE-2024-24968.html
* https://www.suse.com/security/cve/CVE-2024-31068.html
* https://www.suse.com/security/cve/CVE-2024-36293.html
* https://www.suse.com/security/cve/CVE-2024-37020.html
* https://www.suse.com/security/cve/CVE-2024-39355.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233313
* https://bugzilla.suse.com/show_bug.cgi?id=1237096
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250604/26f15f95/attachment.htm>
More information about the sle-updates
mailing list