Source: intel-microcode
Version: 3.20251111.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.20250812.1~deb13u1
Control: found -1 3.20251111.1~deb13u1
Control: found -1 3.20250812.1~deb12u1
Control: found -1 3.20251111.1~deb12u1

Hi,

The following vulnerability was published for intel-microcode.

CVE-2025-31648[0]:
| Improper handling of values in the microcode flow for some Intel(R)
| Processor Family may allow an escalation of privilege. Startup code
| and smm adversary with a privileged user combined with a high
| complexity attack may enable escalation of privilege. This result
| may potentially occur via local access when attack requirements are
| present with special internal knowledge and requires no user
| interaction. The potential vulnerability may impact the
| confidentiality (low), integrity (low) and availability (none) of
| the vulnerable system, resulting in subsequent system
| confidentiality (low), integrity (low) and availability (none)
| impacts.

I think this one can be fixed via next point releases and does not
need a DSA, but in any case let's follow the usual approach to get
fixes in unstable and exposure there first.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-31648
    https://www.cve.org/CVERecord?id=CVE-2025-31648
[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1

Regards,
Salvatore

