CVE-2024-28047

Publication date 12 February 2025

Last updated 19 February 2025

Ubuntu priority

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
intel-microcode	24.10 oracular	Ignored not fixable by OS microcode
	24.04 LTS noble	Ignored not fixable by OS microcode
	22.04 LTS jammy	Ignored not fixable by OS microcode
	20.04 LTS focal	Ignored not fixable by OS microcode
	18.04 LTS bionic	Ignored not fixable by OS microcode
	16.04 LTS xenial	Ignored not fixable by OS microcode

How can I get the fixes?
What do statuses mean?

Notes

alexmurray

There is no evidence that this CVE can be addressed by a microcode update from the OS itself, only from the BIOS

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-28047
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html