========================================================================== Ubuntu Security Notice USN-7269-2 February 24, 2025
intel-microcode vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Several security issues were fixed in Intel Microcode. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: USN-7269-1 fixed vulnerabilities in Intel Microcode. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Ke Sun, Paul Grosen and Alyssa Milburn discovered that some Intel® Processors did not properly implement Finite State Machines (FSMs) in Hardware Logic. A local privileged attacker could use this issue to cause a denial of service. (CVE-2024-31068) It was discovered that some Intel® Processors with Intel® SGX did not properly restrict access to the EDECCSSA user leaf function. A local authenticated attacker could use this issue to cause a denial of service. (CVE-2024-36293) Ke Sun, Alyssa Milburn, Benoit Morgan, and Erik Bjorge discovered that the UEFI firmware for some Intel® processors did not properly restrict access. An authenticated local attacker could use this issue to cause a denial of service. (CVE-2024-39279) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS intel-microcode 3.20250211.0ubuntu0.24.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7269-2 https://ubuntu.com/security/notices/USN-7269-1 CVE-2024-31068, CVE-2024-36293, CVE-2024-39279 Package Information: https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.24.04.1
signature.asc
Description: PGP signature
