Bug#1127837: marked as done (intel-microcode: CVE-2025-31648 / INTEL-SA-01396)

Sat, 14 Feb 2026 06:21:15 -0800 

Your message dated Sat, 14 Feb 2026 14:18:27 +0000
with message-id <[email protected]>
and subject line Bug#1127837: fixed in intel-microcode 3.20260210.1
has caused the Debian Bug report #1127837,
regarding intel-microcode: CVE-2025-31648 / INTEL-SA-01396
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1127837: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127837
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: intel-microcode
Version: 3.20251111.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.20250812.1~deb13u1
Control: found -1 3.20251111.1~deb13u1
Control: found -1 3.20250812.1~deb12u1
Control: found -1 3.20251111.1~deb12u1

Hi,

The following vulnerability was published for intel-microcode.

CVE-2025-31648[0]:
| Improper handling of values in the microcode flow for some Intel(R)
| Processor Family may allow an escalation of privilege. Startup code
| and smm adversary with a privileged user combined with a high
| complexity attack may enable escalation of privilege. This result
| may potentially occur via local access when attack requirements are
| present with special internal knowledge and requires no user
| interaction. The potential vulnerability may impact the
| confidentiality (low), integrity (low) and availability (none) of
| the vulnerable system, resulting in subsequent system
| confidentiality (low), integrity (low) and availability (none)
| impacts.

I think this one can be fixed via next point releases and does not
need a DSA, but in any case let's follow the usual approach to get
fixes in unstable and exposure there first.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-31648
    https://www.cve.org/CVERecord?id=CVE-2025-31648
[1] 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html
[2] 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: intel-microcode
Source-Version: 3.20260210.1
Done: Henrique de Moraes Holschuh <[email protected]>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <[email protected]> (supplier of updated 
intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Feb 2026 09:13:55 -0300
Source: intel-microcode
Architecture: source
Version: 3.20260210.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <[email protected]>
Changed-By: Henrique de Moraes Holschuh <[email protected]>
Closes: 1127837
Changes:
 intel-microcode (3.20260210.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20260210 (closes: #1127837)
     - Updated mitigations for INTEL-SA-01083 (CVE-2024-24853)
       Incorrect behavior order in transition between executive monitor and SMI
       transfer monitor (STM) in some Intel Processors may allow a privileged
       user to potentially enable escalation of privilege via local access.
     - Mitigations for INTEL-SA-01396 (CVE-2025-31648)
       Improper handling of values in the microcode flow for some Intel
       Processor Family may allow an escalation of privilege.  Startup code and
       SMM adversary with a privileged user combined with a high complexity
       attack may enable escalation of privilege via local access when attack
       requirements are present, with low impact to the confidentiality and
       integrity of the vulnerable system.
     - Fixes for undisclosed functional issues on several processors
   * Updated microcodes:
     + sig 0x000606a6, pf_mask 0x87, 2025-08-19, rev 0xd000421, size 309248
     + sig 0x000606c1, pf_mask 0x10, 2025-08-19, rev 0x10002f1, size 301056
     + sig 0x000706e5, pf_mask 0x80, 2025-07-24, rev 0x00cc, size 115712
     + sig 0x000806c1, pf_mask 0x80, 2025-07-24, rev 0x00be, size 112640
     + sig 0x000806c2, pf_mask 0xc2, 2025-07-24, rev 0x003e, size 99328
     + sig 0x000806d1, pf_mask 0xc2, 2025-07-24, rev 0x0058, size 105472
     + sig 0x000806f8, pf_mask 0x87, 2025-08-25, rev 0x2b000661, size 595968
     + sig 0x000806f7, pf_mask 0x87, 2025-08-25, rev 0x2b000661
     + sig 0x000806f6, pf_mask 0x87, 2025-08-25, rev 0x2b000661
     + sig 0x000806f5, pf_mask 0x87, 2025-08-25, rev 0x2b000661
     + sig 0x000806f4, pf_mask 0x87, 2025-08-25, rev 0x2b000661
     + sig 0x000806f8, pf_mask 0x10, 2025-08-25, rev 0x2c000421, size 626688
     + sig 0x000806f8, pf_mask 0x10, 2025-08-25, rev 0x2c000421
     + sig 0x000806f6, pf_mask 0x10, 2025-08-25, rev 0x2c000421
     + sig 0x000806f5, pf_mask 0x10, 2025-08-25, rev 0x2c000421
     + sig 0x000806f4, pf_mask 0x10, 2025-08-25, rev 0x2c000421
     + sig 0x00090672, pf_mask 0x07, 2025-10-12, rev 0x003e, size 227328
     + sig 0x00090675, pf_mask 0x07, 2025-10-12, rev 0x003e
     + sig 0x000b06f2, pf_mask 0x07, 2025-10-12, rev 0x003e
     + sig 0x000b06f5, pf_mask 0x07, 2025-10-12, rev 0x003e
     + sig 0x000b06f6, pf_mask 0x07, 2025-10-12, rev 0x003e
     + sig 0x000b06f7, pf_mask 0x07, 2025-10-12, rev 0x003e
     + sig 0x000906a3, pf_mask 0x80, 2025-10-12, rev 0x043b, size 225280
     + sig 0x000906a4, pf_mask 0x80, 2025-10-12, rev 0x043b
     + sig 0x000906a4, pf_mask 0x40, 2025-07-10, rev 0x000c, size 119808
     + sig 0x000a0671, pf_mask 0x02, 2025-07-24, rev 0x0065, size 108544
     + sig 0x000a06a4, pf_mask 0xe6, 2025-09-24, rev 0x0028, size 141312
     + sig 0x000a06d1, pf_mask 0x95, 2025-10-31, rev 0x1000405, size 1672192
     + sig 0x000a06d1, pf_mask 0x20, 2025-10-09, rev 0xa000133, size 1643520
     + sig 0x000a06e1, pf_mask 0x97, 2025-11-03, rev 0x10002f3, size 1645568
     + sig 0x000b0650, pf_mask 0x80, 2025-09-25, rev 0x000d, size 137216
     + sig 0x000b0671, pf_mask 0x32, 2025-10-08, rev 0x0133, size 219136
     + sig 0x000b0674, pf_mask 0x32, 2025-10-08, rev 0x0133
     + sig 0x000b06a2, pf_mask 0xe0, 2025-10-08, rev 0x6134, size 224256
     + sig 0x000b06a3, pf_mask 0xe0, 2025-10-08, rev 0x6134
     + sig 0x000b06a8, pf_mask 0xe0, 2025-10-08, rev 0x6134
     + sig 0x000b06e0, pf_mask 0x19, 2025-09-12, rev 0x0021, size 142336
     + sig 0x000c0662, pf_mask 0x82, 2025-08-03, rev 0x011b, size 91136
     + sig 0x000c06a2, pf_mask 0x82, 2025-08-03, rev 0x011b
     + sig 0x000c0652, pf_mask 0x82, 2025-08-03, rev 0x011b
     + sig 0x000c0664, pf_mask 0x82, 2025-08-03, rev 0x011b
     + sig 0x000c06f2, pf_mask 0x87, 2025-08-25, rev 0x210002d3, size 566272
     + sig 0x000c06f1, pf_mask 0x87, 2025-08-25, rev 0x210002d3
Checksums-Sha1:
 b00f26da3ca95198f458de194d0f8ff5e2ba2da8 1879 intel-microcode_3.20260210.1.dsc
 34466465b0b48a7126ffc4df4e3ec73febd6bb3f 14293268 
intel-microcode_3.20260210.1.tar.xz
 7993dd458b340746a2e494c17ab3ac58c2afbc67 5729 
intel-microcode_3.20260210.1_amd64.buildinfo
Checksums-Sha256:
 9a22413f0956e994fad890adad26352a514d78cc651c569571463e607e1d0a3b 1879 
intel-microcode_3.20260210.1.dsc
 4d8654f4f6c7d14f496bcfcb097522d2825282eb8ea27605d882092371d66a76 14293268 
intel-microcode_3.20260210.1.tar.xz
 86a24ea7a681316baace29d5670b6c54752d6fffa6f4b8de58cbf226f484d911 5729 
intel-microcode_3.20260210.1_amd64.buildinfo
Files:
 c5c7906a3947d677744dfb87c072f0fd 1879 non-free-firmware/admin standard 
intel-microcode_3.20260210.1.dsc
 b1db6cbf530dc504f4cba6fbb5075c3a 14293268 non-free-firmware/admin standard 
intel-microcode_3.20260210.1.tar.xz
 876ba753f74fa74c008b808e69bb4bc5 5729 non-free-firmware/admin standard 
intel-microcode_3.20260210.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExGenF1B7uv7TwWCSC9noETnLSAcFAmmQgP0ACgkQC9noETnL
SAebKhAAovI/NSeh1CUiSWK4JFj2VC9M3qQziY0ZJnxm3Qv3M/krz389ySE7nbv4
MmgPAUEsP5eAcDAl1YXChU0p7aX/cV/RreNovKkM7eauvB2oTYT6D7qM7n8eFIis
CFxkTgr2rB1FCTHt6hQr9xs27cBjPawduW3twKNxh+2kTu6SrAH3NpCJfpx5Dy3y
ajhc1OHWcC1l5BMvZdspgTKyrGGt4SHhaauAAyE793tRkRDwhSRsO+XZjdD7kkrv
WWgD5lUZwNzee5qE69J4r7VDEn/75AcosYsGLakn7Bq2/z/wtRDGVrXc7jbp9gPU
9nzRbNH4nxpaFwMxVgdVhEnrINETHcirzsDXrvF074h+z7aGqOshJBDb4XjJq4DX
pyC/mz45R2+VH9fxMIJ98hCCOAH4h0qaDeXztPbrPoVDL1NbNi0GHVE/i/mXQuvp
xNo33afsyP/56GNefWitLe9bedhuxUR62krt2ud+YYtYbfa+ddRX3hhzjzcm9tnl
3x9XFJjJsLjrPEGDBrDwp0ozmL976mUOty9cA0sYTs7JLffbzGcuKJOX3hJmpKLf
6b/L1l7rOQhp14YpzLarCfH4JFZT4L5AQAtHVboYkYzA0G//abgV64DXtJuJzvT+
Zmxm4tSHleRx/reeKZOrPwwjZ1tG4P6cCbhcY1TiY0IA3Se8bpY=
=9do4
-----END PGP SIGNATURE-----

Attachment: pgpKCMluKSPPU.pgp
Description: PGP signature


--- End Message ---

Reply via email to