Bug 34629 - microcode new security issues CVE-2025-20109, CVE-2025-22840, CVE-2025-22839, CVE-2025-22889, CVE-2025-20053, CVE-2025-24305, CVE-2025-21090, CVE-2025-26403, CVE-2025-32086
Summary: microcode new security issues CVE-2025-20109, CVE-2025-22840, CVE-2025-22839,...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal / Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
Reported: 2025-09-12 14:10 CEST by Nicolas Salguero
Modified: 2025-10-10 05:13 CEST (History)

See Also:
Source RPM: microcode-0.20250512-1.mga9.nonfree.src.rpm
CVE: CVE-2025-20109, CVE-2025-22840, CVE-2025-22839, CVE-2025-22889, CVE-2025-20053, CVE-2025-24305, CVE-2025-21090, CVE-2025-26403, CVE-2025-32086
Status comment:


Attachments

Description Nicolas Salguero 2025-09-12 14:10:00 CEST
The issues are fixed upstream in 20250812:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
Nicolas Salguero 2025-09-12 14:10:38 CEST

CVE: (none) => CVE-2025-20109, CVE-2025-22840, CVE-2025-22839, CVE-2025-22889, CVE-2025-20053, CVE-2025-24305, CVE-2025-21090, CVE-2025-26403, CVE-2025-32086
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => microcode-0.20250512-1.mga9.nonfree.src.rpm

Comment 1 Nicolas Salguero 2025-09-12 14:22:25 CEST
Suggested advisory:
========================

The updated package updates AMD cpu microcode for processor family 19h, adds AMD cpu microcode for processor family 1ah and fixes security vulnerabilities for Intel processors:

Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20109)

Sequence of processor instructions leads to unexpected behavior for some Intel® Xeon® 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-22840)

Insufficient granularity of access control in the OOB-MSM for some Intel® Xeon® 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. (CVE-2025-22839)

Improper handling of overlap between protected memory ranges for some Intel® Xeon® 6 processor with Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-22889)

Improper buffer restrictions for some Intel® Xeon® Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-20053)

Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel® Xeon® processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-24305)

Missing reference to active allocated resource for some Intel® Xeon® processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-21090)

Out-of-bounds write in the memory subsystem for some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-26403)

Improperly implemented security check for standard in the DDRIO configuration for some Intel® Xeon® 6 Processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-32086)

References:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
========================

Updated package in nonfree/updates_testing:
========================
microcode-0.20250812-1.mga9.nonfree

from SRPM:
microcode-0.20250812-1.mga9.nonfree.src.rpm

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED

Nicolas Salguero 2025-09-12 14:27:43 CEST

Assignee: bugsquad => qa-bugs

Comment 2 Herman Viaene 2025-09-13 15:42:40 CEST
MGA9-64 server Plasma Wayland on Compaq H000SB.
No installation issues.
Dual processor AMD E1-2100, Radeon HD 8210 graphics, Atheros wifi.
Did cold restart after update, all seems normal at first glance (checked wifi, video playback, NFS access to remote shares).

CC: (none) => herman.viaene

katnatek 2025-09-13 21:12:12 CEST

Keywords: (none) => advisory

Comment 3 katnatek 2025-09-14 00:34:29 CEST
RH i586

installing microcode-0.20250812-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/i586
Preparing...                     #######################################################################################
      1/1: microcode             #######################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20250512-1.mga9.nonfree.noarch
                                 #######################################################################################

journalctl -xb | grep microcode
sep 13 16:29:30 cefiro kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
sep 13 16:29:30 cefiro kernel: microcode: Current revision: 0x000000a4
sep 13 16:29:30 cefiro kernel: microcode: Updated early from: 0x000000a3
sep 13 16:29:30 cefiro kernel: microcode: Microcode Update Driver: v2.2.

Looks consistent with previous updates, bug#34279 comment#4
Comment 4 Thomas Andrews 2025-09-15 02:41:39 CEST
[root@localhost ~]# inxi -SC
System:
  Host: localhost Kernel: 6.6.105-desktop-1.mga9 arch: x86_64 bits: 64
  Console: pty pts/0 Distro: Mageia 9
CPU:
  Info: quad core model: Intel Core i5-7500 bits: 64 type: MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 800 min/max: 800/3800 cores: 1: 800 2: 800 3: 800 4: 800


[root@localhost ~]# journalctl -xb | grep microcode
Sep 14 20:27:26 localhost.localdomain kernel: microcode: Current revision: 0x000000f8
Sep 14 20:27:26 localhost.localdomain kernel: microcode: Updated early from: 0x000000b4
Sep 14 20:27:26 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.
The revision is the same as after another microcode update in April. I take that to mean that this processor is not affected by these changes.

No glitches in the system so far. I will use it for a couple of hours and report if something shows up.

CC: (none) => andrewsfarm

Comment 5 PC LX 2025-09-15 23:06:39 CEST
Installed and tested without issues.

Tested for a day of laptop usage.
Tested:
- normal desktop usage with lots of programs;
- wifi, Bluetooth;
- reboot, suspend, shutdown;
- OpenGL, Vulkan, CUDA;
All is working. No issues found.



System: Mageia 9, x86_64, Plasma DE, Xorg, Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz, Quadro P600 Mobile using nVidia proprietary driver.



$ uname -a
Linux saturno 6.6.105-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Sep 10 13:53:34 UTC 2025 x86_64 GNU/Linux
$ rpm -q microcode
microcode-0.20250812-1.mga9.nonfree
$ inxi -SMCGN
System:
  Host: saturno Kernel: 6.6.105-desktop-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Laptop System: FUJITSU product: CELSIUS H780 v: N/A
    serial: <superuser required>
  Mobo: FUJITSU model: FJNBB5D v: 757383-01R9800096
    serial: <superuser required> UEFI: FUJITSU // Insyde v: Version 1.21
    date: 09/14/2022
CPU:
  Info: 6-core model: Intel Core i7-8750H bits: 64 type: MT MCP cache:
    L2: 1.5 MiB
  Speed (MHz): avg: 800 min/max: 800/4100 cores: 1: 800 2: 800 3: 800 4: 800
    5: 800 6: 800 7: 800 8: 800 9: 800 10: 800 11: 800 12: 800
Graphics:
  Device-1: NVIDIA GP107GLM [Quadro P600 Mobile] driver: nvidia v: 580.82.07
  Device-2: Chicony Integrated Camera driver: uvcvideo type: USB
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: nvidia,v4l gpu: nvidia,nvidia-nvswitch resolution: 1920x1080~60Hz
  API: EGL v: 1.5 drivers: nvidia,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6.0 compat-v: 4.5 vendor: nvidia mesa v: 580.82.07
    renderer: Quadro P600/PCIe/SSE2
  API: Vulkan v: 1.3.231 drivers: nvidia,llvmpipe surfaces: xcb,xlib
Network:
  Device-1: Intel Cannon Lake PCH CNVi WiFi driver: iwlwifi
  Device-2: Intel Ethernet I219-LM driver: e1000e

CC: (none) => mageia

Comment 6 katnatek 2025-09-16 03:57:03 CEST
RH x86_64
installing microcode-0.20250812-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: microcode             ##################################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'rngd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'rngd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20250512-1.mga9.nonfree.noarch
                                 ##################################################################################################
Reboot

journalctl -xb | grep microcode
sep 15 19:49:01 jgrey.phoenix kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
sep 15 19:49:01 jgrey.phoenix kernel: microcode: Current revision: 0x00000007
sep 15 19:49:01 jgrey.phoenix kernel: microcode: Updated early from: 0x00000002
sep 15 19:49:01 jgrey.phoenix kernel: microcode: Microcode Update Driver: v2.2.

Looks consistent with previous updates, bug#34279 comment#3
Comment 7 Len Lawrence 2025-09-16 09:56:39 CEST
Intel model: NUC12WSBi7
12-core (4-mt/8-st) 12th Gen Intel Core i7-1260P

6.6.103-desktop-1.mga9

$ journalctl -xb | grep microcode
Sep 16 08:35:50 yildun kernel: microcode: Current revision: 0x00000437
Sep 16 08:35:50 yildun kernel: microcode: Updated early from: 0x00000421
Sep 16 08:35:50 yildun kernel: microcode: Microcode Update Driver: v2.2.

After update:
$ journalctl -xb | grep microcode
Sep 16 08:47:32 yildun kernel: microcode: Current revision: 0x00000437
Sep 16 08:47:32 yildun kernel: microcode: Updated early from: 0x00000421
Sep 16 08:47:32 yildun kernel: microcode: Microcode Update Driver: v2.2.

So, probably not relevant for this CPU.

CC: (none) => tarazed25

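The testers above all verify the update the same way: `journalctl -xb | grep microcode`, then read the driver's "Current revision" and "Updated early from" lines, and (comment 7) compare the revision before and after the package update to decide whether the new bundle carried anything for that CPU. The script below automates that reading. It is an added example for this page, not part of the Mageia package or of anyone's comment here; the log lines embedded in it are constructed after the format shown in the thread, and the function and variable names are the example's own.

```bash
#!/bin/bash
# Added example: parse the kernel's microcode driver messages and report whether
# the early loader applied a newer revision than the one the firmware booted with.
# The sample lines are constructed (same shape as `journalctl -xb | grep microcode`
# output seen above), not copied from a real host.

# Constructed sample: a CPU whose microcode was updated early by the kernel.
SAMPLE_UPDATED='Sep 16 08:35:50 yildun kernel: microcode: Current revision: 0x00000437
Sep 16 08:35:50 yildun kernel: microcode: Updated early from: 0x00000421
Sep 16 08:35:50 yildun kernel: microcode: Microcode Update Driver: v2.2.'

# Constructed sample: the firmware already carried the newest revision the bundle
# knows about, so the kernel had nothing to apply and prints no "Updated early from".
SAMPLE_UNCHANGED='Sep 16 08:35:50 host kernel: microcode: Current revision: 0x000000f8
Sep 16 08:35:50 host kernel: microcode: Microcode Update Driver: v2.2.'

# ucode_field LOG FIELD -> prints the hex value after "microcode: FIELD:" (first match), or nothing.
ucode_field() {
    printf '%s\n' "$1" | sed -n "s/.*microcode: $2: \(0x[0-9a-fA-F]*\).*/\1/p" | head -n 1
}

# ucode_status LOG -> one of:
#   "updated <from> -> <to>"  the early loader raised the revision
#   "unchanged <rev>"         driver ran, nothing newer to load
#   "no-driver-output"        no microcode driver lines at all (wrong grep, or driver missing)
ucode_status() {
    local cur from
    cur=$(ucode_field "$1" "Current revision")
    from=$(ucode_field "$1" "Updated early from")
    if [ -z "$cur" ]; then
        echo "no-driver-output"
    elif [ -n "$from" ] && [ $((from)) -lt $((cur)) ]; then   # bash arithmetic accepts 0x constants
        echo "updated $from -> $cur"
    else
        echo "unchanged $cur"
    fi
}

# ucode_revision_changed BEFORE_LOG AFTER_LOG -> exit 0 if "Current revision" differs,
# i.e. the new bundle carried a newer blob for this CPU (the comparison done in comment 7).
ucode_revision_changed() {
    local before after
    before=$(ucode_field "$1" "Current revision")
    after=$(ucode_field "$2" "Current revision")
    [ -n "$before" ] && [ -n "$after" ] && [ "$before" != "$after" ]
}

# live_status -> the same report for the running kernel; falls back to
# "no-driver-output" where journalctl is unavailable (e.g. the test harness).
live_status() {
    command -v journalctl >/dev/null 2>&1 || { echo "no-driver-output"; return; }
    ucode_status "$(journalctl -kb 2>/dev/null | grep 'microcode:')"
}

# mitigation_report -> prints the kernel's view of each CPU vulnerability, which is
# where a "Vulnerable: ... no microcode" line like the one in comment 3 ends up.
mitigation_report() {
    local f
    for f in /sys/devices/system/cpu/vulnerabilities/*; do
        [ -r "$f" ] && printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Usage when run directly: report on the live system.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    live_status
    mitigation_report
fi
```

Run the script before and after `urpmi microcode` plus a reboot and feed both captures to `ucode_revision_changed`; an unchanged "Current revision" after the update is the expected outcome for a CPU the new bundle does not touch, exactly what comments 4 and 7 report. Note that the kernel only prints "Updated early from" when it actually raised the revision, so its absence is not an error.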
Comment 8 Len Lawrence 2025-09-16 10:07:04 CEST
6.6.105-desktop-1.mga9
8-core AMD Ryzen 7 5700U

Updated OK.
$ journalctl -xb | grep microcode
Sep 16 07:53:38 rutilicus kernel: microcode: Current revision: 0x08608108
Sep 16 07:53:38 rutilicus kernel: microcode: Updated early from: 0x08608103
Sep 16 07:53:38 rutilicus kernel: microcode: Microcode Update Driver: v2.2.
Sep 16 07:53:41 rutilicus kernel: em28xx 3-1.3:1.0:         microcode start address = 0x0004, boot configuration = 0x01

Not relevant here probably.  The system runs normally after reboot.
Comment 9 katnatek 2025-10-07 19:58:04 CEST
This looks good, what you think Thomas?
Comment 10 Thomas Andrews 2025-10-07 23:53:09 CEST
Been using it for about a month now. Validating.

Whiteboard: (none) => MGA9-64-OK MGA9-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 11 katnatek 2025-10-09 21:59:40 CEST
ping

CC: (none) => dan

Comment 12 Mageia Robot 2025-10-10 05:13:14 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0236.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

