Security update for ucode-intel

Announcement ID:	SUSE-SU-2025:20092-1
Release Date:	2025-02-03T09:11:18Z
Rating:	important
References:	bsc#1233313
Cross-References:	CVE-2024-21820 CVE-2024-21853 CVE-2024-23918 CVE-2024-23984 CVE-2024-24968
CVSS scores:	CVE-2024-21820 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVE-2024-21820 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2024-21820 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-21820 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2024-21853 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-21853 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-21853 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-21853 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-23918 ( SUSE ): 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVE-2024-23918 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2024-23918 ( NVD ): 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-23918 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2024-23984 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVE-2024-23984 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2024-23984 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-23984 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2024-24968 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-24968 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2024-24968 ( NVD ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-24968 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:	SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

Description:

This update for ucode-intel fixes the following issues:

Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
Update for functional issues.

Updated Platforms:

Processor	Stepping	F-M-S/PI	Old Ver	New Ver	Products
ADL	C0	06-97-02/07	00000036	00000037	Core Gen12
ADL	H0	06-97-05/07	00000036	00000037	Core Gen12
ADL	L0	06-9a-03/80	00000434	00000435	Core Gen12
ADL	R0	06-9a-04/80	00000434	00000435	Core Gen12
EMR-SP	A0	06-cf-01/87	21000230	21000283	Xeon Scalable Gen5
EMR-SP	A1	06-cf-02/87	21000230	21000283	Xeon Scalable Gen5
MTL	C0	06-aa-04/e6	0000001f	00000020	Core™ Ultra Processor
RPL-H/P/PX 6+8	J0	06-ba-02/e0	00004122	00004123	Core Gen13
RPL-HX/S	C0	06-bf-02/07	00000036	00000037	Core Gen13/Gen14
RPL-S	H0	06-bf-05/07	00000036	00000037	Core Gen13/Gen14
RPL-U 2+8	Q0	06-ba-03/e0	00004122	00004123	Core Gen13
SPR-SP	E3	06-8f-06/87	2b0005c0	2b000603	Xeon Scalable Gen4
SPR-SP	E4/S2	06-8f-07/87	2b0005c0	2b000603	Xeon Scalable Gen4
SPR-SP	E5/S3	06-8f-08/87	2b0005c0	2b000603	Xeon Scalable Gen4

New Disclosures Updated in Prior Releases:

Processor	Stepping	F-M-S/PI	Old Ver	New Ver	Products
ICL-D	B0	06-6c-01/10	010002b0	N/A	Xeon D-17xx/D-18xx, D-27xx/D-28xx
ICX-SP	Dx/M1	06-6a-06/87	0d0003e7	N/A	Xeon Scalable Gen3

Intel CPU Microcode was updated to the 20241029 release Update for functional issues.

Updated Platforms:

Processor	Stepping	F-M-S/PI	Old Ver	New Ver	Products
RPL-E/HX/S	B0	06-b7-01/32	00000129	0000012b	Core Gen13/Gen14

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Micro 6.0
zypper in -t patch SUSE-SLE-Micro-6.0-189=1

Package List:

SUSE Linux Micro 6.0 (x86_64)
- ucode-intel-20241112-1.1

Security update for ucode-intel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: