openEuler update for microcode_ctl
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2023-34440 CVE-2023-43758 CVE-2024-24582 CVE-2024-28047 CVE-2024-28127 CVE-2024-29214 CVE-2024-31068 CVE-2024-31157 CVE-2024-36293 CVE-2024-37020 CVE-2024-39279 CVE-2024-39355 |
| CWE-ID | CWE-20 CWE-665 CWE-284 CWE-1281 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system microcode_ctl Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU104033
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-34440
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and gain elevated privileges.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU104031
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-43758
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and gain elevated privileges.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU104036
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24582
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in XmlCli feature. A local administrator can pass specially crafted input to the application and gain elevated privileges.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU104041
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28047
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU104038
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28127
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and gain elevated privileges.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU104037
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-29214
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in CseVariableStorageSmm. A local administrator can pass specially crafted input to the application and gain elevated privileges.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU104106
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31068
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper Finite State Machines (FSMs) in Hardware Logic. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Initialization
EUVDB-ID: #VU104040
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31157
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization in OutOfBandXML module. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper access control
EUVDB-ID: #VU104108
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36293
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the EDECCSSA user leaf function. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Sequence of processor instructions leads to unexpected behavior
EUVDB-ID: #VU104007
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37020
CWE-ID:
CWE-1281 - Sequence of Processor Instructions Leads to Unexpected Behavior
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error related to processing of Sequence of processor instructions. A local user can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU104039
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39279
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient granularity of access control. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU107010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39355
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of physical or environmental conditions in Intel processors. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
microcode_ctl: before 20250211-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:microcode_ctl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
