Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Ubuntu 24.10, 22.04 LTS USN-7269-1: critical DoS in Intel Microcode

Calendar Feb 17, 2025 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service security update Ubuntu update instructions local attack ubuntu intel microcode February 2025
Several security issues were fixed in Intel Microcode. 
==========================================================================
Ubuntu Security Notice USN-7269-1
February 17, 2025

intel-microcode vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

Ke Sun, Paul Grosen and Alyssa Milburn discovered that some Intel®
Processors did not properly implement Finite State Machines (FSMs) in
Hardware Logic. A local privileged attacker could use this issue to cause a
denial of service.  (CVE-2024-31068)

It was discovered that some Intel® Processors with Intel® SGX did not
properly restrict access to the EDECCSSA user leaf function. A local
authenticated attacker could use this issue to cause a denial of
service. (CVE-2024-36293)

Ke Sun, Alyssa Milburn, Benoit Morgan, and Erik Bjorge discovered that the
UEFI firmware for some Intel® processors did not properly restrict
access. An authenticated local attacker could use this issue to cause a
denial of service. (CVE-2024-39279)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  intel-microcode                 3.20250211.0ubuntu0.24.10.1

Ubuntu 22.04 LTS
  intel-microcode                 3.20250211.0ubuntu0.22.04.1

Ubuntu 20.04 LTS
  intel-microcode                 3.20250211.0ubuntu0.20.04.1

Ubuntu 18.04 LTS
  intel-microcode                 3.20250211.0ubuntu0.18.04.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  intel-microcode                 3.20250211.0ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7269-1
  CVE-2024-31068, CVE-2024-36293, CVE-2024-39279

Package Information:
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.24.10.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.20.04.1

Ubuntu 24.10, 22.04 LTS USN-7269-1: critical DoS in Intel Microcode

ubuntu
Calendar Grey February 17, 2025
Dist Ubuntu Esm H88
Intel processor firmware flaws in Ubuntu necessitate prompt action and patches to maintain system security.
Several security issues were fixed in Intel Microcode.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Intel Microcode. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: Ke Sun, Paul Grosen and Alyssa Milburn discovered that some Intel® Processors did not properly implement Finite State Machines (FSMs) in Hardware Logic. A local privileged attacker could use this issue to cause a denial of service. (CVE-2024-31068) It was discovered that some Intel® Processors with Intel® SGX did not properly restrict access to the EDECCSSA user leaf function. A local authenticated attacker could use this issue to cause a denial of service. (CVE-2024-36293) Ke Sun, Alyssa Milburn, Benoit Morgan, and Erik Bjorge discovered that the UEFI firmware for some Intel® processors did not properly restrict access. An authentica...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service security update Ubuntu update instructions local attack ubuntu intel microcode February 2025

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 intel-microcode 3.20250211.0ubuntu0.24.10.1 Ubuntu 22.04 LTS intel-microcode 3.20250211.0ubuntu0.22.04.1 Ubuntu 20.04 LTS intel-microcode 3.20250211.0ubuntu0.20.04.1 Ubuntu 18.04 LTS intel-microcode 3.20250211.0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS intel-microcode 3.20250211.0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7269-1

CVE-2024-31068, CVE-2024-36293, CVE-2024-39279

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7269-1

Topics%20covered

Topics Covered

security advisory denial of service security update Ubuntu update instructions local attack ubuntu intel microcode February 2025

Package Information

https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.24.10.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20250211.0ubuntu0.20.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here