USN-7269-1: Intel Microcode vulnerabilities

17 February 2025

Several security issues were fixed in Intel Microcode.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

Details

Ke Sun, Paul Grosen and Alyssa Milburn discovered that some Intel®
Processors did not properly implement Finite State Machines (FSMs) in
Hardware Logic. A local privileged attacker could use this issue to cause a
denial of service. (CVE-2024-31068)

It was discovered that some Intel® Processors with Intel® SGX did not
properly restrict access to the EDECCSSA user leaf function. A local
authenticated attacker could use this issue to cause a denial of
service. (CVE-2024-36293)

Ke Sun, Alyssa Milburn, Benoit Morgan, and Erik Bjorge discovered that the
UEFI firmware for some Intel® processors did not properly restrict
access. An authenticated local attacker could use this issue to cause a
denial of service. (CVE-2024-39279)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Join the discussion

Need help with your security needs?

Ubuntu Pro provides up to ten-year security coverage for over 23,000 open-source packages within the Ubuntu Main and Universe repositories.

Talk to an expert to find out what would work best for you

Further reading