microcode_ctl-20250211-1.el9_6

The microcode_ctl packages provide microcode updates for Intel and AMD processors.

Security Fix(es):

* microcode_ctl: Improper input validation in UEFI firmware (CVE-2024-28047)
* microcode_ctl: Insufficient granularity of access control in UEFI firmware (CVE-2024-39279)
* microcode_ctl: mproper initialization in UEFI firmware OutOfBandXML module (CVE-2024-31157)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9 Release Notes linked from the References section.

CVE-2024-28047
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-31157
Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-39279
Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.