Amazon Linux 2023 Security Advisory: ALAS2023-2025-1190
Advisory Released Date: 2025-09-15
Advisory Updated Date: 2025-09-15
Severity:
Important
References:
CVE-2025-20053
CVE-2025-21090
CVE-2025-24305
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-20053)
Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-21090)
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-24305)
Affected Packages:
microcode_ctl
Issue Correction:
Run dnf update microcode_ctl --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1190 --releasever 2023.8.20250915 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
src:
microcode_ctl-2.1-53.amzn2023.0.13.src
x86_64:
microcode_ctl-2.1-53.amzn2023.0.13.x86_64