Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted intel-microcode 3.20250812.1~deb12u1 (source) into oldstable-security
Date: Wed, 22 Oct 2025 16:34:01 +0000
Signed by: Henrique de Moraes Holschuh <hmh@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Oct 2025 17:20:18 -0300
Source: intel-microcode
Architecture: source
Version: 3.20250812.1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Closes: 1110983 1112168
Changes:
 intel-microcode (3.20250812.1~deb12u1) bookworm-security; urgency=medium
 .
   * Backport to bookworm-security
   * debian/rules: revert use of /usr/lib/firmware for deb12
 .
 intel-microcode (3.20250812.1) unstable; urgency=medium
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
     - Mitgations for INTEL-SA-01249 (processor Stream Cache):
       CVE-2025-20109: Improper Isolation or Compartmentalization in the
       stream cache mechanism for some Intel Processors may allow an
       authenticated user to potentially enable escalation of privilege via
       local access.  Intel also disclosed that several processors models
       had already received this mitigation on the previous microcode
       release, 20250512.
     - Mitigations for INTEL-SA-01308:
       CVE-2025-22840: Sequence of processor instructions leads to
       unexpected behavior for some Intel Xeon 6 Scalable processors may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01310 (OOBM services module):
       CVE-2025-22839: Insufficient granularity of access control in the
       OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
       privileged user to potentially enable escalation of privilege via
       adjacent access.
     - Mitigations for INTEL-SA-01311 (Intel TDX):
       CVE-2025-22889: Improper handling of overlap between protected
       memory ranges for some Intel Xeon 6 processors with Intel TDX may
       allow a privileged user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01313:
       CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
       Processor firmware with SGX enabled may allow a privileged user to
       potentially enable escalation of privilege via local access.
       CVE-2025-21090: Missing reference to active allocated resource for
       some Intel Xeon processors may allow an authenticated user to
       potentially enable denial of service via local access.
       CVE-2025-24305: Insufficient control flow management in the Alias
       Checking Trusted Module (ACTM) firmware for some Intel Xeon
       processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
       CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
       Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
       a privileged user to potentially enable escalation of privilege via
       local access.
       CVE-2025-32086: Improperly implemented security check for standard
       in the DDRIO configuration for some Intel Xeon 6 Processors when
       using Intel SGX or Intel TDX may allow a privileged user to
       potentially enable escalation of privilege via local access.
     - Fixes for unspecified functional issues on several Intel Core and
       Intel Xeon processor models.
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
     sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
     sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
     sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
     sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
     sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
     sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
     sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
     sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
     sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
   * update entry for 3.20250512.1 with new information
   * source: update symlinks to reflect id of the latest release, 20250812
 .
   [ Ben Hutchings ]
   * debian/tests/initramfs: Update to work with forky's initramfs-tools.
     In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
     longer create early/ and main/ subdirectories.  Update the microcode
     file check to work with both old and new behaviours.
Checksums-Sha1:
 4f6e6dc14fa9fbfc85547ce08c2118c109180160 1854 intel-microcode_3.20250812.1~deb12u1.dsc
 1f5d001021b4c0f961e5023f3f277a0886817cc7 12005588 intel-microcode_3.20250812.1~deb12u1.tar.xz
 e7478ec2539231615b30d54fca518eb34a7f337b 6179 intel-microcode_3.20250812.1~deb12u1_source.buildinfo
Checksums-Sha256:
 3f87b6df9e1c826f4890d376b70a102ea66b69e1bfe435f6c946f250ee3fd1e3 1854 intel-microcode_3.20250812.1~deb12u1.dsc
 08baee7f63099a5b96ad20043b7f008bbf67f902c34c3f9e683099e0eef13d8a 12005588 intel-microcode_3.20250812.1~deb12u1.tar.xz
 37e2709e0ae22ed4be4c1d3ee73589c2ef4b4966d2d1cb8f80d25f097de75787 6179 intel-microcode_3.20250812.1~deb12u1_source.buildinfo
Files:
 1c038beb8838f372d3ebabc1a6d6bb68 1854 non-free-firmware/admin standard intel-microcode_3.20250812.1~deb12u1.dsc
 c0fe28494f62bc4fa78de515aef78dcf 12005588 non-free-firmware/admin standard intel-microcode_3.20250812.1~deb12u1.tar.xz
 2bdc5d2698c5a4688d18d4a66676a35d 6179 non-free-firmware/admin standard intel-microcode_3.20250812.1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEpvbMGUAhfu+gsYOwlOXoPKamj0cFAmjz+BkPHGhtaEBkZWJp
YW4ub3JnAAoJEJTl6Dympo9HwNQP/1d6eYGjp0h38nPgJElWsG/dhPVaae+eqTSM
PJkniNHVd2HlUNpCVik24BUH1clUEkowUyI0rpMl+c47lJQncAr92O5JVFaiEoW5
Yi9la1xrX7E9Xa0aj/ayPNr16VUHaMJR6I/K+w4rh8equmtEFfJDVtsA6klPyJqK
krtLIdri4hz4/Zlh3BtbXZMUCoMpK2dz9yzl/IfGd8guWyp4fZnci8EassgBDfEv
/Ll1s8jzFwWskw69+v/UjAd3a1FLc8LNsEabGTFwe6XEtfXe9IBuA5GIG4k3bXDB
KgRJ63H/GB6gut8/B1Ml8pr3S6tp+mjcZG5s9CuZhDFauq1viM5JhBUdV2zrvZBT
3Pq3Sq/LqfREuk0dyEGmsVaOrKk2bZQU7zLshgyuu+IhcJ8v+Gknq+oZErxTbiTB
98KGkkliCwGdcgGC93jrcbLDzmH9np3FLDBJsryfHWIZLonTkxzlHO6Wxk8jBCdu
vh+z6bKIQw5yI+VHuDAOnJGbxVSyHuWv3Dfv9UWmp1aUwJ/hLxwCUWDOhqN2rSJq
UJ3mPVyg1zcbrGBCMxg/QY1qwHGbtCaA6q7+faOrRwbj8E99fw4yLfwRF7xYWwMr
AdXbwTW+0sffuS5iSQhV/x5sHt52UfsE4XkGiCJBd8hhiqOR7qvcMsa7pujZMz/Z
28Nv9RnW
=08xm
-----END PGP SIGNATURE-----
News for package intel-microcode
