ucode-intel-20250812-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16553 Final 1 1 2025-08-25T00:00:00Z current 2025-08-25T00:00:00Z 2025-08-25T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ucode-intel-20250812-1.1 on GA media These are all security issues fixed in the ucode-intel-20250812-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16553 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-20053/ SUSE CVE CVE-2025-20053 page https://www.suse.com/security/cve/CVE-2025-20109/ SUSE CVE CVE-2025-20109 page https://www.suse.com/security/cve/CVE-2025-22839/ SUSE CVE CVE-2025-22839 page https://www.suse.com/security/cve/CVE-2025-22840/ SUSE CVE CVE-2025-22840 page https://www.suse.com/security/cve/CVE-2025-22889/ SUSE CVE CVE-2025-22889 page https://www.suse.com/security/cve/CVE-2025-26403/ SUSE CVE CVE-2025-26403 page https://www.suse.com/security/cve/CVE-2025-32086/ SUSE CVE CVE-2025-32086 page openSUSE Tumbleweed ucode-intel-20250812-1.1 ucode-intel-20250812-1.1 as a component of openSUSE Tumbleweed Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 openSUSE Tumbleweed:ucode-intel-20250812-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-20053.html CVE-2025-20053 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-20109 openSUSE Tumbleweed:ucode-intel-20250812-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-20109.html CVE-2025-20109 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE-2025-22839 openSUSE Tumbleweed:ucode-intel-20250812-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-22839.html CVE-2025-22839 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2025-22840 openSUSE Tumbleweed:ucode-intel-20250812-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-22840.html CVE-2025-22840 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-22889 openSUSE Tumbleweed:ucode-intel-20250812-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-22889.html CVE-2025-22889 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-26403 openSUSE Tumbleweed:ucode-intel-20250812-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26403.html CVE-2025-26403 https://bugzilla.suse.com/1248438 SUSE Bug 1248438 Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086 openSUSE Tumbleweed:ucode-intel-20250812-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-32086.html CVE-2025-32086 https://bugzilla.suse.com/1248438 SUSE Bug 1248438