SUSE-SU-2025:20092-1: important: Security update for ucode-intel

SLE-UPDATES null at suse.de
Wed Jun 4 08:55:46 UTC 2025 


# Security update for ucode-intel

Announcement ID: SUSE-SU-2025:20092-1  
Release Date: 2025-02-03T09:11:18Z  
Rating: important  
References:

  * bsc#1233313

  
Cross-References:

  * CVE-2024-21820
  * CVE-2024-21853
  * CVE-2024-23918
  * CVE-2024-23984
  * CVE-2024-24968

  
CVSS scores:

  * CVE-2024-21820 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
  * CVE-2024-21820 ( SUSE ):  7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
  * CVE-2024-21820 ( NVD ):  8.5
    CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-21820 ( NVD ):  7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
  * CVE-2024-21853 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-21853 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-21853 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-21853 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23918 ( SUSE ):  8.8
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  * CVE-2024-23918 ( SUSE ):  8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  * CVE-2024-23918 ( NVD ):  8.8
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-23918 ( NVD ):  8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  * CVE-2024-23984 ( SUSE ):  6.8
    CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
  * CVE-2024-23984 ( SUSE ):  5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-23984 ( NVD ):  6.8
    CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-23984 ( NVD ):  5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-24968 ( SUSE ):  5.6
    CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-24968 ( SUSE ):  5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  * CVE-2024-24968 ( NVD ):  5.6
    CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-24968 ( NVD ):  5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

  
Affected Products:

  * SUSE Linux Micro 6.0

  
  
An update that solves five vulnerabilities can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

  * Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)

  * CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in
    some 4th and 5th Generation Intel Xeon Processors may allow an authorized
    user to potentially enable denial of service via local access.

  * CVE-2024-23918: Improper conditions check in some Intel Xeon processor
    memory controller configurations when using Intel SGX may allow a privileged
    user to potentially enable escalation of privilege via local access.
  * CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor
    memory controller configurations when using Intel SGX may allow a privileged
    user to potentially enable escalation of privilege via local access.
  * CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in
    some Intel Processors may allow an privileged user to potentially enable a
    denial of service via local access.
  * CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel
    Processors may allow a privileged user to potentially enable information
    disclosure via local access.
  * Update for functional issues.

Updated Platforms:

Processor Stepping F-M-S/PI Old Ver New Ver Products  
ADL C0 06-97-02/07 00000036 00000037 Core Gen12  
ADL H0 06-97-05/07 00000036 00000037 Core Gen12  
ADL L0 06-9a-03/80 00000434 00000435 Core Gen12  
ADL R0 06-9a-04/80 00000434 00000435 Core Gen12  
EMR-SP A0 06-cf-01/87 21000230 21000283 Xeon Scalable Gen5  
EMR-SP A1 06-cf-02/87 21000230 21000283 Xeon Scalable Gen5  
MTL C0 06-aa-04/e6 0000001f 00000020 Core™ Ultra Processor  
RPL-H/P/PX 6+8 J0 06-ba-02/e0 00004122 00004123 Core Gen13  
RPL-HX/S C0 06-bf-02/07 00000036 00000037 Core Gen13/Gen14  
RPL-S H0 06-bf-05/07 00000036 00000037 Core Gen13/Gen14  
RPL-U 2+8 Q0 06-ba-03/e0 00004122 00004123 Core Gen13  
SPR-SP E3 06-8f-06/87 2b0005c0 2b000603 Xeon Scalable Gen4  
SPR-SP E4/S2 06-8f-07/87 2b0005c0 2b000603 Xeon Scalable Gen4  
SPR-SP E5/S3 06-8f-08/87 2b0005c0 2b000603 Xeon Scalable Gen4  
  
New Disclosures Updated in Prior Releases:

Processor Stepping F-M-S/PI Old Ver New Ver Products  
ICL-D B0 06-6c-01/10 010002b0 N/A Xeon D-17xx/D-18xx, D-27xx/D-28xx  
ICX-SP Dx/M1 06-6a-06/87 0d0003e7 N/A Xeon Scalable Gen3  
  
  * Intel CPU Microcode was updated to the 20241029 release Update for
    functional issues.

Updated Platforms:

Processor Stepping F-M-S/PI Old Ver New Ver Products  
RPL-E/HX/S B0 06-b7-01/32 00000129 0000012b Core Gen13/Gen14  
  
## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.0  
    zypper in -t patch SUSE-SLE-Micro-6.0-189=1

## Package List:

  * SUSE Linux Micro 6.0 (x86_64)
    * ucode-intel-20241112-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-21820.html
  * https://www.suse.com/security/cve/CVE-2024-21853.html
  * https://www.suse.com/security/cve/CVE-2024-23918.html
  * https://www.suse.com/security/cve/CVE-2024-23984.html
  * https://www.suse.com/security/cve/CVE-2024-24968.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1233313

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250604/2268707f/attachment-0001.htm>

More information about the sle-updates mailing list