INFSA-2025:7043: microcode_ctl security update
Information about definition
Identificator: INFSA-2025:7043
Type: security
Release date: 2025-06-10 08:50:06 UTC
Information about package
The microcode_ctl packages provide microcode updates for Intel and AMD processors.
Vulnerabilities description
- CVE-2024-28047
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-31157
Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-39279
Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-28047
|
no information | 5.3 | no information |
|
NIST — CVE-2024-31157
|
no information | 5.3 | no information |
|
NIST — CVE-2024-39279
|
no information | 6.5 | no information |
Updated packages