SB2025101613 - Anolis OS update for microcode_ctl
Published: October 16, 2025
Security Bulletin ID
SB2025101613
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect behavior order (CVE-ID: CVE-2025-20012)
CWE-ID: CWE-696 - Incorrect Behavior Order
CVSSv4: CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain access to sensitive information on the system. The vulnerability exists due to incorrect behavior order. An attacker with physical access can disclose sensitive information on the target system.
Remediation
Install update from vendor's website.