Accepted intel-microcode 3.20250812.1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted intel-microcode 3.20250812.1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 13 Sep 2025 22:32:24 +0000
Message-id: <[🔎] E1uxYnA-0049p8-1S@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Sep 2025 18:30:55 -0300
Source: intel-microcode
Architecture: source
Version: 3.20250812.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Closes: 1110983 1112168
Changes:
 intel-microcode (3.20250812.1) unstable; urgency=medium
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
     - Mitgations for INTEL-SA-01249 (processor Stream Cache):
       CVE-2025-20109: Improper Isolation or Compartmentalization in the
       stream cache mechanism for some Intel Processors may allow an
       authenticated user to potentially enable escalation of privilege via
       local access.  Intel also disclosed that several processors models
       had already received this mitigation on the previous microcode
       release, 20250512.
     - Mitigations for INTEL-SA-01308:
       CVE-2025-22840: Sequence of processor instructions leads to
       unexpected behavior for some Intel Xeon 6 Scalable processors may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01310 (OOBM services module):
       CVE-2025-22839: Insufficient granularity of access control in the
       OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
       privileged user to potentially enable escalation of privilege via
       adjacent access.
     - Mitigations for INTEL-SA-01311 (Intel TDX):
       CVE-2025-22889: Improper handling of overlap between protected
       memory ranges for some Intel Xeon 6 processors with Intel TDX may
       allow a privileged user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01313:
       CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
       Processor firmware with SGX enabled may allow a privileged user to
       potentially enable escalation of privilege via local access.
       CVE-2025-21090: Missing reference to active allocated resource for
       some Intel Xeon processors may allow an authenticated user to
       potentially enable denial of service via local access.
       CVE-2025-24305: Insufficient control flow management in the Alias
       Checking Trusted Module (ACTM) firmware for some Intel Xeon
       processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
       CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
       Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
       a privileged user to potentially enable escalation of privilege via
       local access.
       CVE-2025-32086: Improperly implemented security check for standard
       in the DDRIO configuration for some Intel Xeon 6 Processors when
       using Intel SGX or Intel TDX may allow a privileged user to
       potentially enable escalation of privilege via local access.
     - Fixes for unspecified functional issues on several Intel Core and
       Intel Xeon processor models.
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
     sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
     sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
     sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
     sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
     sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
     sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
     sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
     sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
     sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
   * update entry for 3.20250512.1 with new information
   * source: update symlinks to reflect id of the latest release, 20250812
 .
   [ Ben Hutchings ]
   * debian/tests/initramfs: Update to work with forky's initramfs-tools.
     In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
     longer create early/ and main/ subdirectories.  Update the microcode
     file check to work with both old and new behaviours.
Checksums-Sha1:
 e30dc625db1cf7226f2cfc20fb2c43767fe9fd3b 1879 intel-microcode_3.20250812.1.dsc
 9394d6f6839d2197be6d963fd326eaffd269e524 11999812 intel-microcode_3.20250812.1.tar.xz
 8e955f29fd137aef21bb0ae18fbd1e078dcb8fa3 6722 intel-microcode_3.20250812.1_amd64.buildinfo
Checksums-Sha256:
 0bf24f919efec6af0608cc479b2d2d098ff5ad4120109b710fc2d7f4a8c10ea4 1879 intel-microcode_3.20250812.1.dsc
 9db8c9d34ee07938500e12c61c1a96815fdccab8e268658736a0afbb5caca2c7 11999812 intel-microcode_3.20250812.1.tar.xz
 e68162d2be622d8ad9f5e17d7ce479746b6e9309808a345311ee8e7a02f7274b 6722 intel-microcode_3.20250812.1_amd64.buildinfo
Files:
 03334881bb9461ef3fa5a575fd37d828 1879 non-free-firmware/admin standard intel-microcode_3.20250812.1.dsc
 0dc7aa4d659abadf97bb095c2a2985da 11999812 non-free-firmware/admin standard intel-microcode_3.20250812.1.tar.xz
 bf31b5468001fd64e695ef0b37b418a1 6722 non-free-firmware/admin standard intel-microcode_3.20250812.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpvbMGUAhfu+gsYOwlOXoPKamj0cFAmjF5rEACgkQlOXoPKam
j0dgJw/+N1xFYF6yOJbx6mTUZyWjmJvpfvYA0X6OmRO08knHJhv/8JOQ6lPM65aW
cfc3HqArQL6wLxuL3kGFYaGlXHepS5L9VOcDIC+D59kiKkFSATguFJIP1pAROlBk
lCT5VOpZ3cQNFbbD8RgKZg4o7+aI21tsOQVS+ZGhXaMoiMCroDFEPW8KTxl7apMr
P7TtZ6ISDxMPYu66CKKMod/SChw4lQzth55+ece33jhg7kCbjH+ZSh0+zZTKgJzJ
iXC1PRN3L1zTKXZh6XcF0gchGthvoNTNKBuVSnPYqn9pu3KD2HWLJRlJfYCrcrAa
p0skg+YmWmzysYavRkF/PlSaDRp/MfVLnoW31v9xH98vMpu6SE62sWZdutuOSakp
7a6Czufc2TSjykFwLU+xqRRw7jfsn672Du+OHXdtoPqVq0cqAd0Zv7UppRzwACkA
lBCJHI3LGtuzB/n+PI5lbLIDPx2xZnsrjc+dtrtJuffQyAy2i+pU4jmEEJ2oST31
n4mc9bARiXjpTLdL9slSLelLjKRxqQQ3aYcbb/DHeMN0n/6qFFs5gOnGBp0wthzm
9jSWzSqdtWYyY+lTudyzaUR+oDlseog5gD0gQwrSnCSy5NS5ctaVYMRnobNYIR1s
Tn4KPRwEjnCHaPKn8j36JIB9l7yZMZil75rXWA0Ijls55R9t71c=
=gFTK
-----END PGP SIGNATURE-----

Attachment: pgpLH2eH_qXxf.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted golang-github-bsphere-le-go 0.0~git20200109.0.fc06dab-1 (source) into unstable
Next by Date: Accepted kshutdown 6.0-1 (source) into unstable
Previous by thread: Accepted golang-github-bsphere-le-go 0.0~git20200109.0.fc06dab-1 (source) into unstable
Next by thread: Accepted kshutdown 6.0-1 (source) into unstable
Index(es):
- Date
- Thread