Bug 34279 - microcode new security issues CVE-2024-28956, CVE-2025-20103, CVE-2025-20054, CVE-2024-43420, CVE-2025-20623, CVE-2024-45332, CVE-2025-24495, CVE-2025-20012
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-05-15 14:03 CEST by Nicolas Salguero
Modified: 2025-05-23 22:07 CEST

See Also:
Source RPM: microcode-0.20250211-2.mga9.nonfree.src.rpm
CVE: CVE-2024-28956, CVE-2025-20103, CVE-2025-20054, CVE-2024-43420, CVE-2025-20623, CVE-2024-45332, CVE-2025-24495, CVE-2025-20012
Status comment:



Description Nicolas Salguero 2025-05-15 14:03:31 CEST
The issues are fixed upstream in 20250512:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
Nicolas Salguero 2025-05-15 14:04:39 CEST

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-28956, CVE-2025-20103, CVE-2025-20054, CVE-2024-43420, CVE-2025-20623, CVE-2024-45332, CVE-2025-24495, CVE-2025-20012
Source RPM: (none) => microcode-0.20250211-2.mga10.nonfree.src.rpm, microcode-0.20250211-2.mga9.nonfree.src.rpm

Comment 1 Nicolas Salguero 2025-05-15 14:28:18 CEST
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-28956)

Insufficient resource pool in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20103)

Uncaught exception in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20054)

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-43420)

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel® Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-20623)

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-45332)

Incorrect initialization of resource in the branch prediction unit for some Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-24495)

Incorrect behavior order for some Intel® Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. (CVE-2025-20012)

References:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
========================

Updated package in nonfree/updates_testing:
========================
microcode-0.20250512-1.mga9.nonfree

from SRPM:
microcode-0.20250512-1.mga9.nonfree.src.rpm

Version: Cauldron => 9
Source RPM: microcode-0.20250211-2.mga10.nonfree.src.rpm, microcode-0.20250211-2.mga9.nonfree.src.rpm => microcode-0.20250211-2.mga9.nonfree.src.rpm
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs

Comment 2 Herman Viaene 2025-05-16 10:56:32 CEST
MGA9-64 Plasma Wayland on Compaq H000SB.
Dual processor AMD E1-2100, Radeon HD 8210 graphics, Atheros wifi.
No installation issues.
Did a cold restart after the update, all seems normal at first glance (checked wifi, video playback, NFS access to remote shares).

CC: (none) => herman.viaene

katnatek 2025-05-16 21:49:33 CEST

Keywords: (none) => advisory

Comment 3 katnatek 2025-05-16 22:09:00 CEST
RH x86_64

installing microcode-0.20250512-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: microcode             ##################################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'rngd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'rngd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20250211-2.mga9.nonfree.noarch
                                 ##################################################################################################

Reboot

journalctl -xb | grep microcode
may 16 13:57:49 jgrey.phoenix kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
may 16 13:57:49 jgrey.phoenix kernel: microcode: Current revision: 0x00000007
may 16 13:57:49 jgrey.phoenix kernel: microcode: Updated early from: 0x00000002
may 16 13:57:49 jgrey.phoenix kernel: microcode: Microcode Update Driver: v2.2.


OK for me
Comment 4 katnatek 2025-05-17 03:27:46 CEST
RH i586

Got it with some other updates

Reboot

rpm -q microcode
microcode-0.20250512-1.mga9.nonfree


journalctl -xb | grep microcode
may 16 19:19:54 cefiro kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
may 16 19:19:54 cefiro kernel: microcode: Current revision: 0x000000a4
may 16 19:19:54 cefiro kernel: microcode: Updated early from: 0x000000a3
may 16 19:19:54 cefiro kernel: microcode: Microcode Update Driver: v2.2.

OK for me
Comment 5 Thomas Andrews 2025-05-18 00:47:51 CEST
MGA9-64 Plasma. No installation issues.

$ inxi -C
CPU:
  Info: quad core model: Intel Core i5-7500 bits: 64 type: MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 800 min/max: 800/3800 cores: 1: 800 2: 800 3: 800 4: 800
 

# journalctl -xb | grep microcode
May 17 18:26:17 localhost.localdomain kernel: microcode: Current revision: 0x000000f8
May 17 18:26:17 localhost.localdomain kernel: microcode: Updated early from: 0x000000b4
May 17 18:26:17 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.

Tried a few things, no issues noted.

CC: (none) => andrewsfarm

Comment 6 Thomas Andrews 2025-05-19 13:21:10 CEST
This update only concerns Intel processors, and newer ones at that. However...

MGA9-64 Plasma on an HP Pavilion 15. No installation issues.

inxi -C
CPU:
  Info: quad core model: AMD A8-4555M APU with Radeon HD Graphics bits: 64
    type: MT MCP cache: L2: 4 MiB
  Speed (MHz): avg: 1600 min/max: 1100/1600 cores: 1: 1600 2: 1600 3: 1600
    4: 1600

# journalctl -xb | grep microcode
May 19 09:11:07 localhost.localdomain kernel: microcode: Current revision: 0x06001119
May 19 09:11:07 localhost.localdomain kernel: microcode: Updated early from: 0x06001119
May 19 09:11:07 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.

Used this for a couple of days now, no issues noted.
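
The check the testers run by hand in this thread (`journalctl -xb | grep microcode`) can be reduced to a one-line verdict. This is an added example, not part of the bug report or of Mageia's QA tooling; the function name `microcode_verdict` and its verdict strings are made up for illustration, and the sample lines are copied from comments 3, 5 and 6.

```shell
#!/bin/sh
# Added example (not from the bug thread): turn the kernel's microcode boot
# messages into a one-line verdict. Reads log lines on stdin, e.g. from
#   journalctl -kb | microcode_verdict
microcode_verdict() {
    awk '
        /microcode: Current revision: /   { cur = tolower($NF) }
        /microcode: Updated early from: / { old = tolower($NF) }
        # Kernel MDS status meaning the CPU lacks the microcode support the
        # buffer-clearing mitigation relies on, so it is best effort only.
        /MDS: Vulnerable: .*no microcode/ { mds = 1 }
        END {
            if (cur == "")       v = "no-revision-line"
            else if (old == "")  v = "not-updated-early current=" cur
            else if (old == cur) v = "unchanged current=" cur
            else                 v = "updated " old " -> " cur
            if (mds) v = v "; MDS vulnerable, no microcode"
            print v
        }'
}

# Sample input: log lines copied from comments 3, 5 and 6 of this report.
sample_comment3() { cat <<'EOF'
may 16 13:57:49 jgrey.phoenix kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
may 16 13:57:49 jgrey.phoenix kernel: microcode: Current revision: 0x00000007
may 16 13:57:49 jgrey.phoenix kernel: microcode: Updated early from: 0x00000002
may 16 13:57:49 jgrey.phoenix kernel: microcode: Microcode Update Driver: v2.2.
EOF
}
sample_comment5() { cat <<'EOF'
May 17 18:26:17 localhost.localdomain kernel: microcode: Current revision: 0x000000f8
May 17 18:26:17 localhost.localdomain kernel: microcode: Updated early from: 0x000000b4
May 17 18:26:17 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.
EOF
}
sample_comment6() { cat <<'EOF'
May 19 09:11:07 localhost.localdomain kernel: microcode: Current revision: 0x06001119
May 19 09:11:07 localhost.localdomain kernel: microcode: Updated early from: 0x06001119
May 19 09:11:07 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.
EOF
}

# Print the verdict for each sample.
for s in sample_comment3 sample_comment5 sample_comment6; do
    printf '%s: %s\n' "$s" "$($s | microcode_verdict)"
done
```

A verdict of `unchanged` means the journal shows the same revision before and after early loading, so that boot log alone does not show the new package changing anything on that CPU.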
Comment 7 Brian Rockwell 2025-05-20 04:10:44 CEST
MGA9-64, Xfce, Celeron N2840, Chromebook

The following package is going to be installed:

- microcode-0.20250512-1.mga9.nonfree.noarch


--- rebooted


Spent a number of hours on it and the system is operating as expected.

CC: (none) => brtians1

Comment 8 Morgan Leijström 2025-05-21 10:13:56 CEST
Working on my workstation
Been using it several days
identical outputs as Comment 5
Intel Core i7 870
Yes, old.

Also in use in a couple old 64 bit laptops

CC: (none) => fri

Comment 9 Thomas Andrews 2025-05-22 22:01:31 CEST
MGA9-64 Plasma.

$ inxi -C
CPU:
  Info: quad core model: Intel Core i5-7500 bits: 64 type: MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 800 min/max: 800/3800 cores: 1: 800 2: 800 3: 800 4: 800

No installation issues. Looking at the reference it appears my cpu is not affected, but...

# journalctl -xb | grep microcode
May 22 15:37:22 localhost.localdomain kernel: microcode: Current revision: 0x000000f8
May 22 15:37:22 localhost.localdomain kernel: microcode: Updated early from: 0x000000b4
May 22 15:37:22 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.

Using it the last few days while trying to get access to Bugzilla. Looks OK.

Giving this OKs and validating.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
Keywords: (none) => validated_update

Comment 10 Mageia Robot 2025-05-23 22:07:44 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0160.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

