{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2025/cve-2025-20012-els_os-rhel7els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-13T02:59:54Z",
      "generator": {
        "date": "2026-06-13T02:59:54Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2025-20012-ELS_OS-RHEL7ELS",
      "initial_release_date": "2025-05-13T21:01:00Z",
      "revision_history": [
        {
          "date": "2025-05-13T21:01:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-13T02:59:54Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "Security update on CVE-2025-20012"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux 7",
                "product": {
                  "name": "Red Hat Enterprise Linux 7",
                  "product_id": "Red-Hat-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.25.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.25.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.25.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.25.el7_9?arch=x86_64&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.26.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.26.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.26.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.26.el7_9?arch=x86_64&epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/microcode_ctl@2.1-73.25.el7_9.tuxcare.els1?arch=x86_64&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/microcode_ctl@2.1-73.26.el7_9.tuxcare.els1?arch=x86_64&epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.25.el7_9.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.25.el7_9.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.26.el7_9.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.26.el7_9.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20012",
      "cwe": {
        "id": "CWE-696",
        "name": "Incorrect Behavior Order"
      },
      "notes": [
        {
          "category": "description",
          "text": "Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64",
          "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64",
          "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64",
          "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-20012"
        }
      ],
      "release_date": "2025-05-13T21:01:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2026-06-12T13:03:59.134949Z",
          "details": "This issue requires physical access to affected Intel Core Ultra systems and has high attack complexity, so it is not exploitable remotely or across VMs. Its impact is limited to confidentiality only, with no integrity or availability effects. Because it affects mobile/desktop-oriented Core Ultra processors rather than typical server-grade CPUs and depends on hands-on access, it is a low-priority risk for centrally managed enterprise VM and server deployments. Consequently no fix is planned, and the listed microcode_ctl packages remain in known_affected status.",
          "product_ids": [
            "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64",
            "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64",
            "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}