-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Oct 2025 15:41:39 -0300
Source: intel-microcode
Architecture: source
Version: 3.20250812.1~deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Henrique de Moraes Holschuh
Changed-By: Henrique de Moraes Holschuh
Closes: 1110983 1112168
Changes:
 intel-microcode (3.20250812.1~deb13u1) trixie-security; urgency=medium
 .
   * Security upload, no changes.
 .
 intel-microcode (3.20250812.1) unstable; urgency=medium
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
     - Mitigations for INTEL-SA-01249 (processor Stream Cache):
       CVE-2025-20109: Improper Isolation or Compartmentalization in the
       stream cache mechanism for some Intel Processors may allow an
       authenticated user to potentially enable escalation of privilege via
       local access.
       Intel also disclosed that several processor models had already
       received this mitigation on the previous microcode release,
       20250512.
     - Mitigations for INTEL-SA-01308:
       CVE-2025-22840: Sequence of processor instructions leads to
       unexpected behavior for some Intel Xeon 6 Scalable processors may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01310 (OOBM services module):
       CVE-2025-22839: Insufficient granularity of access control in the
       OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
       privileged user to potentially enable escalation of privilege via
       adjacent access.
     - Mitigations for INTEL-SA-01311 (Intel TDX):
       CVE-2025-22889: Improper handling of overlap between protected
       memory ranges for some Intel Xeon 6 processors with Intel TDX may
       allow a privileged user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01313:
       CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
       Processor firmware with SGX enabled may allow a privileged user to
       potentially enable escalation of privilege via local access.
       CVE-2025-21090: Missing reference to active allocated resource for
       some Intel Xeon processors may allow an authenticated user to
       potentially enable denial of service via local access.
       CVE-2025-24305: Insufficient control flow management in the Alias
       Checking Trusted Module (ACTM) firmware for some Intel Xeon
       processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
       CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
       Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
       a privileged user to potentially enable escalation of privilege via
       local access.
       CVE-2025-32086: Improperly implemented security check for standard
       in the DDRIO configuration for some Intel Xeon 6 Processors when
       using Intel SGX or Intel TDX may allow a privileged user to
       potentially enable escalation of privilege via local access.
     - Fixes for unspecified functional issues on several Intel Core and
       Intel Xeon processor models.
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
     sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
     sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
     sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
     sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
     sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
     sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
     sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
     sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
     sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
   * update entry for 3.20250512.1 with new information
   * source: update symlinks to reflect id of the latest release, 20250812
 .
   [ Ben Hutchings ]
   * debian/tests/initramfs: Update to work with forky's initramfs-tools.
     In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
     longer create early/ and main/ subdirectories.  Update the microcode
     file check to work with both old and new behaviours.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----