#VU109171 Incorrect behavior order in Intel products - CVE-2025-20012


Vulnerability identifier: #VU109171

Vulnerability risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20012

CWE-ID: CWE-696

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Core Ultra 5
Hardware solutions / Firmware
Intel Core Ultra 7
Hardware solutions / Firmware
Intel Core Ultra 9
Hardware solutions / Firmware

Vendor: Intel

Description
The vulnerability allows a local attacker to gain access to sensitive information on the system. The vulnerability exists due to incorrect behavior order. An attacker with physical access can disclose sensitive information on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Core Ultra 5: All versions

Intel Core Ultra 7: All versions

Intel Core Ultra 9: All versions

External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Anolis OS update for microcode_ctl
Red Hat Enterprise Linux 9 update for microcode_ctl
Red Hat Enterprise Linux 9 update for microcode_ctl
Red Hat Enterprise Linux 9 update for microcode_ctl
SUSE update for ucode-intel
Ubuntu update for intel-microcode
Fedora 42 update for microcode_ctl
Fedora 41 update for microcode_ctl
Debian update for intel-microcode
SUSE update for ucode-intel