ALAS2023-2025-1209

References: CVE-2025-22839  CVE-2025-22840  CVE-2025-22889  CVE-2025-26403  CVE-2025-32086 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. (CVE-2025-22839)

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access (CVE-2025-22840)

Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-22889)

Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-26403)

Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-32086)

Issue Correction:
Run dnf update microcode_ctl --releasever 2023.9.20250929 or dnf update --advisory ALAS2023-2025-1209 --releasever 2023.9.20250929 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

src:
    microcode_ctl-2.1-53.amzn2023.0.14.src

x86_64:
    microcode_ctl-2.1-53.amzn2023.0.14.x86_64