ALAS-2025-2787

Amazon Linux 2 Security Advisory: ALAS-2025-2787
Advisory Release Date: 2025-02-26 23:16 Pacific
Advisory Updated Date: 2025-03-07 10:00 Pacific

Severity: Medium

References: CVE-2024-31068 CVE-2024-37020 CVE-2024-39279
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access. (CVE-2024-31068)

Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2024-37020)

Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access. (CVE-2024-39279)

Affected Packages:

microcode_ctl

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update microcode_ctl to update your system.
System reboot is required in order to complete this update.

New Packages:

i686:
    microcode_ctl-2.1-47.amzn2.4.23.i686
    microcode_ctl-debuginfo-2.1-47.amzn2.4.23.i686

src:
    microcode_ctl-2.1-47.amzn2.4.23.src

x86_64:
    microcode_ctl-2.1-47.amzn2.4.23.x86_64
    microcode_ctl-debuginfo-2.1-47.amzn2.4.23.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2024-31068, CVE-2024-37020, CVE-2024-39279

Mitre: CVE-2024-31068, CVE-2024-37020, CVE-2024-39279

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2025-2787

Additional References