1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5924-1] intel-microcode security update

    From Salvatore Bonaccorso@21:1/5 to All on Fri May 23 21:10:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5924-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    May 23, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : intel-microcode
    CVE ID : CVE-2024-28956 CVE-2024-43420 CVE-2024-45332 CVE-2025-20012
    CVE-2025-20054 CVE-2025-20103 CVE-2025-20623 CVE-2025-24495 Debian Bug : 1105172

    This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the Indirect Target Selection
    (ITS) vulnerability (CVE-2024-28956) and the Branch Privilege Injection vulnerability (CVE-2024-45332).

    For CPUs affected to ITS (Indirect Target Selection), to fully mitigate
    the vulnerability it is also necessary to update the Linux kernel
    packages released in a separate, forthcoming DSA.

    For details on the Indirect Target Selection (ITS) vulnerability please
    refer to https://www.vusec.net/projects/training-solo/ and https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/indirect-target-selection.html .

    For details on the Branch Privilege Injection vulnerability please refer
    to https://comsec.ethz.ch/research/microarch/branch-privilege-injection/

    For the stable distribution (bookworm), these problems have been fixed in version 3.20250512.1~deb12u1.

    We recommend that you upgrade your intel-microcode packages.

    For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmgwxoVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rrtg//dVak1i/7zQwc/6QQKyP9SfIubQs1o/coANl1UcokFOWh/SqRppsm0MVF MZltWVpO47Xg4FkNT1ulfsV5ag7F+dyRmLRz/5hzflxHR1MaZCrtErWlHPwTYLaU oYme71WdmL+HfclCsCi0D7PN6YiQL+9CoCWnIptXitwU+FKSJuLLIdsfEroIDVHk p15Ceuxqa7fuqH1HY56OCF34xR8Z6IgrOu5f3P1C7IX/WbwaReAlykSw2c84rzhV boHWUH/iekHwkLRg9TYESnALyNUfmgPu0d3fC5M/XvAbBcRFT7x6jAQE31hQzFbr f9TK06EK1RAu3ETTCuFsBX+D85xOpzhMKL3t9MyGPsKGm5liLmYmfjNHe/+M5F/N L1jKlgR+AOjJEYSqFyZXWLBgQDeeG7Bs5dT5t2CRN8sg7Xq1LDHze5eVXPa7VBal EHAjmk40wCRmgl6c5BolUgXfIhZa30SjNIAdFZ+P16Y+lZQzKT8H8eVth9ElwsF2 maz2FwdlXT6q8UEtLSrWskgExXP3CNqvdPi3XqGo1QSuEv7oTuI8RHpJNozpZLjE 3rIS02TefsNkWt54FhrH0rwImUiy53M58ma5Rf6qL9Peb6CbO6S894gHzcWfd6Sy YBbjWEwN5QxYknPj45zvziNqF2rGbx9L6nsm7KMaYiacjYsLPgU=
    =Nfoc
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)