操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2025-2845)

摘要:

microcode_ctl security update

安全等级: High

公告ID: KylinSec-SA-2025-2845

发布日期: 2025年8月27日

关联CVE: CVE-2025-21090 CVE-2025-22840 CVE-2025-24305 CVE-2025-26403 CVE-2025-22889 CVE-2025-20053 CVE-2025-20109 CVE-2025-32086 CVE-2025-22839

详细介绍

1. 漏洞描述

Security Fix(es):

Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-20053)

Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2025-20109)

Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.(CVE-2025-21090)

Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.(CVE-2025-22839)

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access(CVE-2025-22840)

Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-22889)

Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-24305)

Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-26403)

Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2025-32086)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2025-21090	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-21090	KY3.5.3	microcode_ctl	Fixed
CVE-2025-21090	V6	microcode_ctl	Fixed
CVE-2025-21090	KY3.5.2	microcode_ctl	Fixed
CVE-2025-22840	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-22840	KY3.5.3	microcode_ctl	Fixed
CVE-2025-22840	V6	microcode_ctl	Fixed
CVE-2025-22840	KY3.5.2	microcode_ctl	Fixed
CVE-2025-24305	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-24305	KY3.5.3	microcode_ctl	Fixed
CVE-2025-24305	V6	microcode_ctl	Fixed
CVE-2025-24305	KY3.5.2	microcode_ctl	Fixed
CVE-2025-26403	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-26403	KY3.5.3	microcode_ctl	Fixed
CVE-2025-26403	V6	microcode_ctl	Fixed
CVE-2025-26403	KY3.5.2	microcode_ctl	Fixed
CVE-2025-22889	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-22889	KY3.5.3	microcode_ctl	Fixed
CVE-2025-22889	V6	microcode_ctl	Fixed
CVE-2025-22889	KY3.5.2	microcode_ctl	Fixed
CVE-2025-20053	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-20053	KY3.5.3	microcode_ctl	Fixed
CVE-2025-20053	V6	microcode_ctl	Fixed
CVE-2025-20053	KY3.5.2	microcode_ctl	Fixed
CVE-2025-20109	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-20109	KY3.5.3	microcode_ctl	Fixed
CVE-2025-20109	V6	microcode_ctl	Fixed
CVE-2025-20109	KY3.5.2	microcode_ctl	Fixed
CVE-2025-32086	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-32086	KY3.5.3	microcode_ctl	Fixed
CVE-2025-32086	V6	microcode_ctl	Fixed
CVE-2025-32086	KY3.5.2	microcode_ctl	Fixed
CVE-2025-22839	KY3.4-5A	microcode_ctl	Fixed
CVE-2025-22839	KY3.5.3	microcode_ctl	Fixed
CVE-2025-22839	V6	microcode_ctl	Fixed
CVE-2025-22839	KY3.5.2	microcode_ctl	Fixed

3. 影响组件

microcode_ctl

4. 修复版本

KY3.4-5A

软件名称	架构	版本号
microcode_ctl	x86_64	20250812-1.kb1.ky3_4

V6

软件名称	架构	版本号
microcode_ctl	x86_64	20250812-1.ks6

KY3.5.3

软件名称	架构	版本号
microcode_ctl	x86_64	20250812-1.ky3_5

KY3.5.2

软件名称	架构	版本号
microcode_ctl	x86_64	20250812-1.ky3_5

5. 修复方法

方法一：下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存，如 xxx.rpm
2、通过rpm命令升级，如 rpm -Uvh xxx.rpm

方法二：通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包，如 yum install 包名

6. 下载链接

KY3.4-5A:

x86_64:

microcode_ctl

aarch64:

V6:

x86_64:

microcode_ctl

aarch64:

KY3.5.3:

x86_64:

microcode_ctl

aarch64:

KY3.5.2:

x86_64:

microcode_ctl

aarch64:

上一篇:KylinSec-SA-2025-2829 下一篇:KylinSec-SA-2025-2847

操作系统+

1. 漏洞描述

2. 影响范围

3. 影响组件

4. 修复版本

KY3.4-5A

V6

KY3.5.3

KY3.5.2

5. 修复方法

6. 下载链接

KY3.4-5A:

x86_64:

aarch64:

V6:

x86_64:

aarch64:

KY3.5.3:

x86_64:

aarch64:

KY3.5.2:

x86_64:

aarch64:

产品中心

解决方案

技术支持

生态与合作

分支机构