ALAS2023-2025-991

Amazon Linux 2023 Security Advisory: ALAS2023-2025-991
Advisory Released Date: 2025-06-02
Advisory Updated Date: 2025-06-02
Severity: Medium
Issue Overview:

A potential security vulnerability in some Intel(r) Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability.

Info: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html (CVE-2024-28956)

Potential security vulnerabilities in some Intel(r) Processor indirect branch predictors may allow information disclosure. Intel is releasing microcode updates to mitigate these potential vulnerabilities.

Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html (CVE-2024-45332)

Potential security vulnerabilities in some Intel(r) Processors may allow denial of service. Intel is releasing microcode updates to mitigate these potential vulnerabilities.

Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html (CVE-2025-20054)

Potential security vulnerabilities in some Intel(r) Processors may allow denial of service. Intel is releasing microcode updates to mitigate these potential vulnerabilities.

Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html (CVE-2025-20103)


Affected Packages:

microcode_ctl


Issue Correction:
Run dnf update microcode_ctl --releasever 2023.7.20250527 to update your system.
System reboot is required in order to complete this update.

New Packages:
src:
    microcode_ctl-2.1-53.amzn2023.0.12.src

x86_64:
    microcode_ctl-2.1-53.amzn2023.0.12.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-28956, CVE-2024-45332, CVE-2025-20054, CVE-2025-20103

Mitre: CVE-2024-28956, CVE-2024-45332, CVE-2025-20054, CVE-2025-20103