Intel Xeon 6 TDX Privilege Escalation Vulnerability (CVE-2025-22889) Advisory

Key Vulnerability Information Intel ID: INTEL-SA-01311 Advisory Category: Vulnerability Impact of vulnerability: Privilege Escalation Severity rating: High Original release: 08/12/2025 Last revised: 08/12/2025 Vulnerability Overview Certain Intel® Xeon® 6 processors with Intel® Trust Domain Extensions (Intel® TDX) may be affected by a potential security vulnerability that allows privilege escalation via local access. Intel is releasing microcode updates to mitigate this potential vulnerability. Vulnerability Details CVE ID: CVE-2025-22889 Description: On certain Intel® Xeon® 6 processors, there may be improper handling of overlapping protected memory ranges in Intel® TDX, potentially allowing a privileged user to escalate privileges via local access. CVSS Base Score 3.1: 7.9 High CVSS Vector 3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N CVSS Base Score 4.0: 7.0 High CVSS Vector 4.0: AV:L/AC:L/AT:P/PR:H/UI:N/VCH:V/H/VA:NSC/VS:N/SA:N Affected Products Product Series: Intel® Xeon® 6 processor with P cores Platform: Birch Stream Vertical Market: Server CPU ID: AD6D1, 0x95, AD6E1, 0x20 Recommendations Intel recommends that users of affected Intel® Xeon® 6 processors update to the latest firmware versions provided by their system manufacturers to address these issues. Intel has released new microcode updates for supported Intel® Xeon® 6 processors, with details available in the public GitHub repository. Related Content 1. Microcode Public GitHub: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files 2. Microcode Loading Point: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/loading-microcode-os.html 3. Trusted Computing Base Recovery Intel Trusted Execution Environment Acknowledgments This issue was discovered by Intel employees. Intel thanks Joseph Nuzman for reporting this issue.

Goal Reached Thanks to every supporter — we hit 100%!

Intel Xeon 6 TDX Privilege Escalation Vulnerability (CVE-2025-22889) Advisory