CVE-2025-20109

NameCVE-2025-20109
DescriptionImproper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1110983

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
intel-microcode (PTS)bullseye/non-free3.20240813.1~deb11u1vulnerable
bullseye/non-free (security)3.20250512.1~deb11u1vulnerable
bookworm/non-free-firmware (security), bookworm/non-free-firmware3.20250512.1~deb12u1vulnerable
forky/non-free-firmware, trixie/non-free-firmware3.20250512.1vulnerable
sid/non-free-firmware3.20250812.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
intel-microcodesource(unstable)3.20250812.11110983

Notes

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
Search for package or bug name: Reporting problems