Packages
- intel-microcode - Processor microcode for Intel CPUs
Details
Barak Gross discovered that some Intel® Xeon® processors with SGX enabled
did not properly handle buffer restrictions. A local authenticated user
could potentially use this issue to escalate their privileges.
(CVE-2025-20053)
Avinash Maddy discovered that some Intel® processors did not properly
isolate or compartmentalize the stream cache mechanisms. A local
authenticated user could potentially use this issue to escalate their
privileges. (CVE-2025-20109)
Joseph Nuzman discovered that some Intel® Xeon® processors did not properly
manage references to active allocate resources. A local authenticated user
could potentially use this issue to cause a denial of service (system
crash). (CVE-2025-21090)
It was discovered that some Intel® Xeon® 6 processors did not properly
provide sufficient granularity of...
Barak Gross discovered that some Intel® Xeon® processors with SGX enabled
did not properly handle buffer restrictions. A local authenticated user
could potentially use this issue to escalate their privileges.
(CVE-2025-20053)
Avinash Maddy discovered that some Intel® processors did not properly
isolate or compartmentalize the stream cache mechanisms. A local
authenticated user could potentially use this issue to escalate their
privileges. (CVE-2025-20109)
Joseph Nuzman discovered that some Intel® Xeon® processors did not properly
manage references to active allocate resources. A local authenticated user
could potentially use this issue to cause a denial of service (system
crash). (CVE-2025-21090)
It was discovered that some Intel® Xeon® 6 processors did not properly
provide sufficient granularity of access control in the out of band
management service module (OOB-MSM). An authenticated user could
potentially use this issue to escalate their privileges. (CVE-2025-22839)
It was discovered that some Intel® Xeon® 6 Scalable processors did not
properly handle a specific sequence of processor instructions, leading to
unexpected behavior. A local authenticated user could potentially use this
issue to escalate their privileges. (CVE-2025-22840)
Joseph Nuzman discovered that some Intel® Xeon® 6 processors with Intel®
Trust Domain Extensions (Intel® TDX) did not properly handle overlap
between protected memory ranges. A local authenticated user could
potentially use this issue to escalate their privileges. (CVE-2025-22889)
Avraham Shalev discovered that some Intel® Xeon® processors did not
properly provide sufficient control flow management in the Alias Checking
Trusted Module (ACTM) firmware. A local authenticated user could
potentially use this issue to escalate their privileges. (CVE-2025-24305)
Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6
processors when using Intel® SGX or Intel® TDX did not properly protect
against out-of-bounds writes in the memory subsystem. A local authenticated
user could potentially use this issue to escalate their privileges.
(CVE-2025-26403)
Aviv Eisen and Avraham Shalev discovered that some Intel® Xeon® 6
processors when using Intel® SGX or Intel® TDX did not properly implement
security checks in the DDRIO configuration. A local authenticated user
could potentially use this issue to escalate their privileges.
(CVE-2025-32086)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.10 questing | intel-microcode – 3.20250812.0ubuntu0.25.10.1 | ||
| 25.04 plucky | intel-microcode – 3.20250812.0ubuntu0.25.04.1 | ||
| 24.04 LTS noble | intel-microcode – 3.20250812.0ubuntu0.24.04.1 | ||
| 22.04 LTS jammy | intel-microcode – 3.20250812.0ubuntu0.22.04.1 | ||
| 20.04 LTS focal | intel-microcode – 3.20250812.0ubuntu0.20.04.1+esm1 | ||
| 18.04 LTS bionic | intel-microcode – 3.20250812.0ubuntu0.18.04.1+esm1 | ||
| 16.04 LTS xenial | intel-microcode – 3.20250812.0ubuntu0.16.04.1+esm1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.