| Package | intel-microcode |
|---|---|
| Version | 3.20250812.1~deb9u1 (stretch), 3.20250812.1~deb10u1 (buster) |
| Related CVEs | CVE-2025-20053 CVE-2025-20109 CVE-2025-21090 CVE-2025-22839 CVE-2025-22840 CVE-2025-22889 CVE-2025-24305 CVE-2025-26403 CVE-2025-32086 |
This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities which could result in privilege escalation or denial of service.
CVE-2025-20053
Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with
SGX enabled may allow a privileged user to potentially enable escalation of
privilege via local access.
CVE-2025-20109
Improper Isolation or Compartmentalization in the stream cache mechanism for
some Intel(R) Processors may allow an authenticated user to potentially enable
escalation of privilege via local access.
CVE-2025-21090
Missing reference to active allocated resource for some Intel(R) Xeon(R)
processors may allow an authenticated user to potentially enable denial of
service via local access.
CVE-2025-22839
Insufficient granularity of access control in the OOB-MSM for some Intel(R)
Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable
escalation of privilege via adjacent access.
CVE-2025-22840
Sequence of processor instructions leads to unexpected behavior for some
Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to
potentially enable escalation of privilege via local access
CVE-2025-22889
Improper handling of overlap between protected memory ranges for some Intel(R)
Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to
potentially enable escalation of privilege via local access.
CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module
(ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged
user to potentially enable escalation of privilege via local access.
CVE-2025-26403
Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6
processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user
to potentially enable escalation of privilege via local access.
CVE-2025-32086
Improperly implemented security check for standard in the DDRIO configuration
for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX
may allow a privileged user to potentially enable escalation of privilege via
local access.
For Debian 10 buster, these problems have been fixed in version 3.20250812.1~deb10u1.
For Debian 9 stretch, these problems have been fixed in version 3.20250812.1~deb9u1.
We recommend that you upgrade your intel-microcode packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.