Bug#1105172: marked as done (intel-microcode: CVE-2024-28956 CVE-2025-24495 CVE-2025-20012 CVE-2024-43420 CVE-2025-20623 CVE-2024-45332 CVE-2025-20103 CVE-2025-20054)

Sat, 17 May 2025 06:21:35 -0700 

Your message dated Sat, 17 May 2025 13:19:00 +0000
with message-id <e1ughrm-00bbme...@fasolo.debian.org>
and subject line Bug#1105172: fixed in intel-microcode 3.20250512.1
has caused the Debian Bug report #1105172,
regarding intel-microcode: CVE-2024-28956 CVE-2025-24495 CVE-2025-20012 
CVE-2024-43420 CVE-2025-20623 CVE-2024-45332 CVE-2025-20103 CVE-2025-20054
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1105172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105172
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: intel-microcode
Version: 3.20250211.1
Severity: grave
Tags: upstream security
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for intel-microcode.

Henrique, choosing RC but feel free to downgrade if you do not agree.
There are two INTEL-SA-01244 and INTEL-SA-01247 which are not yet
published.

CVE-2024-28956[0]:
| x86: Indirect Target Selection


CVE-2025-24495[1]:
| INTEL-SA-01322


CVE-2025-20012[2]:
| INTEL-SA-01322


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28956
    https://www.cve.org/CVERecord?id=CVE-2024-28956
[1] https://security-tracker.debian.org/tracker/CVE-2025-24495
    https://www.cve.org/CVERecord?id=CVE-2025-24495
[2] https://security-tracker.debian.org/tracker/CVE-2025-20012
    https://www.cve.org/CVERecord?id=CVE-2025-20012
[3] 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: intel-microcode
Source-Version: 3.20250512.1
Done: Henrique de Moraes Holschuh <h...@debian.org>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1105...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated 
intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 May 2025 01:35:08 -0300
Source: intel-microcode
Architecture: source
Version: 3.20250512.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 1105172
Changes:
 intel-microcode (3.20250512.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20250512 (closes: #1105172)
     - Mitigations for INTEL-SA-01153 (ITS: Indirect Target Selection):
       CVE-2024-28956: Processor may incompletely mitigate Branch Target
       Injection due to indirect branch predictions that are not fully
       constrained by eIBRS nor by the IBPB barrier.  Part of the "Training
       Solo" set of vulnerabilities.
     - Mitigations for INTEL-SA-01244:
       CVE-2025-20103: Insufficient resource pool in the core management
       mechanism for some Intel Processors may allow an authenticated user
       to potentially enable denial of service via local access.
       CVE-2025-20054: Uncaught exception in the core management mechanism
       for some Intel Processors may allow an authenticated user to
       potentially enable denial of service via local access.
     - Mitigations for INTEL-SA-01247:
       CVE-2024-43420, CVE-2025-20623: Exposure of sensitive information
       caused by shared microarchitectural predictor state that influences
       transient execution for some Intel Atom and some Intel Core
       processors (10th Generation) may allow an authenticated user to
       potentially enable information disclosure via local access.
       CVE-2024-45332 (Branch Privilege Injection): Exposure of sensitive
       information caused by shared microarchitectural predictor state that
       influences transient execution in the indirect branch predictors for
       some Intel Processors may allow an authenticated user to potentially
       enable information disclosure via local access.
     - Mitigations for INTEL-SA-01322:
       CVE-2025-24495 (Training Solo): Incorrect initialization of resource
       in the branch prediction unit for some Intel Core Ultra Processors
       may allow an authenticated user to potentially enable information
       disclosure via local access (IBPB bypass)
       CVE-2025-20012 (Training Solo): Incorrect behavior order for some
       Intel Core Ultra Processors may allow an unauthenticated user to
       potentially enable information disclosure via physical access.
     - Improved fix for the Vmin Shift Instability for the Intel Core 13th
       and 14th gen processors under low-activity scenarios (sig 0xb0671).
       This microcode update is supposed to be delivered as a system
       firmware update, but according to Intel it should be effective when
       loaded by the operating system if the system firmware has revision
       0x12e.
     - Fixes for unspecified functional issues on several processor models
   * New microcodes or new extended signatures:
     sig 0x000a06d1, pf_mask 0x95, 2025-02-07, rev 0x10003a2, size 1664000
     sig 0x000a06d1, pf_mask 0x20, 2025-02-07, rev 0xa0000d1, size 1635328
     sig 0x000b0650, pf_mask 0x80, 2025-03-18, rev 0x000a, size 136192
     sig 0x000b06d1, pf_mask 0x80, 2025-03-18, rev 0x011f, size 79872
     sig 0x000c0662, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-03-20, rev 0x0118
     sig 0x000c0652, pf_mask 0x82, 2025-03-20, rev 0x0118
     sig 0x000c0664, pf_mask 0x82, 2025-03-20, rev 0x0118
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-12-12, rev 0x5003901, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-12-12, rev 0x7002b01, size 30720
     sig 0x000606a6, pf_mask 0x87, 2025-01-07, rev 0xd000404, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-01-07, rev 0x10002d0, size 300032
     sig 0x000706a8, pf_mask 0x01, 2024-12-05, rev 0x0026, size 76800
     sig 0x000706e5, pf_mask 0x80, 2025-01-07, rev 0x00ca, size 115712
     sig 0x000806c1, pf_mask 0x80, 2024-12-01, rev 0x00bc, size 112640
     sig 0x000806c2, pf_mask 0xc2, 2024-12-01, rev 0x003c, size 99328
     sig 0x000806d1, pf_mask 0xc2, 2024-12-11, rev 0x0056, size 105472
     sig 0x000806ec, pf_mask 0x94, 2024-11-17, rev 0x0100, size 106496
     sig 0x000806f8, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872
     sig 0x000806f7, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f6, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f5, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f4, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f8, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640
     sig 0x000806f6, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x000806f5, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x000806f4, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x00090672, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304
     sig 0x00090675, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f2, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f5, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f6, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f7, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000906a3, pf_mask 0x80, 2024-12-12, rev 0x0437, size 224256
     sig 0x000906a4, pf_mask 0x80, 2024-12-12, rev 0x0437
     sig 0x000906a4, pf_mask 0x40, 2024-12-06, rev 0x000a, size 119808
     sig 0x000906ed, pf_mask 0x22, 2024-11-14, rev 0x0104, size 106496
     sig 0x000a0652, pf_mask 0x20, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0653, pf_mask 0x22, 2024-11-14, rev 0x0100, size 98304
     sig 0x000a0655, pf_mask 0x22, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0660, pf_mask 0x80, 2024-11-14, rev 0x0102, size 98304
     sig 0x000a0661, pf_mask 0x80, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0671, pf_mask 0x02, 2024-12-01, rev 0x0064, size 108544
     sig 0x000a06a4, pf_mask 0xe6, 2025-02-13, rev 0x0024, size 140288
     sig 0x000a06f3, pf_mask 0x01, 2025-02-10, rev 0x3000341, size 1542144
     sig 0x000b0671, pf_mask 0x32, 2025-03-17, rev 0x012f, size 219136
     sig 0x000b0674, pf_mask 0x32, 2025-03-17, rev 0x012f
     sig 0x000b06a2, pf_mask 0xe0, 2025-01-15, rev 0x4128, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-01-15, rev 0x4128
     sig 0x000b06a8, pf_mask 0xe0, 2025-01-15, rev 0x4128
     sig 0x000b06e0, pf_mask 0x19, 2024-12-06, rev 0x001d, size 139264
     sig 0x000c06f2, pf_mask 0x87, 2025-03-14, rev 0x210002a9, size 563200
     sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9
   * Removed microcodes (ES/QS steppings):
     sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
     sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9 [EXCLUDED]
   * Makefile: exclude QS/ES steppings 0x50656, 0xc06f1.
   * Makefile: add targets to create split F-M-S /lib/firmware dir
   * debian/rules: use new intel-ucode-{fw,fw64} Makefile targets
     Removes from the binary package the F-M-S files for extended signatures
     that were excluded by IUC_EXCLUDE.
   * source: update symlinks to reflect id of the latest release, 20250512
Checksums-Sha1:
 a658da434d52bb3db41a269b3e560f5d101e3a8c 1879 intel-microcode_3.20250512.1.dsc
 153cbd38f7cc53446e6f3a5b8a3b373f936f88df 11581396 
intel-microcode_3.20250512.1.tar.xz
 e8a34734f76bf98e4b9ee0ec9044bd73d711ca1f 6508 
intel-microcode_3.20250512.1_amd64.buildinfo
Checksums-Sha256:
 b410d9dbd95f5756850f64157d22937f7396d149642881d131c1e4abcc6168a1 1879 
intel-microcode_3.20250512.1.dsc
 5773cf59867d90f4f5479bae973ac85f1cce2f7ae407645ec29c4ec1ba60f8e2 11581396 
intel-microcode_3.20250512.1.tar.xz
 00e0593b827aee10c7fb1f8f09247aa55f6ffea3ee7c42c137c6d4d02129a8b3 6508 
intel-microcode_3.20250512.1_amd64.buildinfo
Files:
 7afacd0ac111fd345a770605cdaa5192 1879 non-free-firmware/admin standard 
intel-microcode_3.20250512.1.dsc
 aed193e77298e7277bd025d8092697ae 11581396 non-free-firmware/admin standard 
intel-microcode_3.20250512.1.tar.xz
 cb06ccfb5131ab5a2479f2c7f98d439f 6508 non-free-firmware/admin standard 
intel-microcode_3.20250512.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpvbMGUAhfu+gsYOwlOXoPKamj0cFAmgoiVcACgkQlOXoPKam
j0e8+RAAm6J35nBm35nJW/tu/H/hnVis1H87IvvN0nexOjZRQxdhVMW9QIAiax6E
oXWd8UHhR3xAsXnZornGqDiU3sIZieSLhcR++D9izl7WLg40SMD11tgu9u+mJZA+
gxJ7k6Dnl+RT0/lQit/eJgx/2QI1RnrzyV6Uf/TGlIIcqUbvHbHUEgW/hbUAy73y
qNsdwQzerIO9a9wfifj+k/lw4KtOeHIC+fQVwuO2iuMoLW1kKiP3zHAULywg8R71
P85RPITiVL+8kDM2u9daUZ2U6VxaVoVGXgaKOUuMZ3AVV/AkVzrIpyJV4Rbo+bL6
LuiaxwC2pdecaFxblYIRat2t9L67SxwYnanNkcLSWy3WrAyrL3VD4hwWnssQgre/
wWmVc706SEs0t9VzPufFDYiP27czq5yfzHvzYwSs3zH22aIab1xg4Ot9BlvXs9dw
k6oRuGwCy0fwEyIqERmoAGusmb2O1IXKoin9szF0RQnKaxprhXn6xPoscH2Ac66d
onDTy8FNnrSPIt4ZfWSCi3EPk0uphbYdz21bOFqKlcKggJI2UxPTq8/NFUGMzuCe
I0Cgmd9bYPEtEvpTInYZp13NWGQwestcfGcQtq/zf4s9JuXHPPSv180HGXjhAfgR
rHzTOjb0f1aYcnzVcbDxdTbgP5AfClJ+bLFGipvZdLKZdcIlT5E=
=mXG4
-----END PGP SIGNATURE-----

Attachment: pgpN1z4ylVQdB.pgp
Description: PGP signature


--- End Message ---

Reply via email to