ALPINE-CVE-2025-31648

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2025-31648

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-31648.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2025-31648

Upstream

CVE-2025-31648

Published

2026-02-10T17:16:15.550Z

Modified

2026-02-17T19:15:38.942472Z

Severity

1.8 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

References

https://security.alpinelinux.org/vuln/CVE-2025-31648

Affected packages

Alpine:v3.20 / intel-ucode

Package

Name: intel-ucode
Purl: pkg:apk/alpine/intel-ucode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20260210-r0

Affected versions

Other

20130222-r0

20170511-r0

20180108-r0

20180312-r0

20180807a-r0

20180807a-r1

20180807a-r2

20190514a-r0

20190618-r0

20190918-r0

20191112-r0

20191113-r0

20191115-r0

20200508-r0

20200520-r0

20200609-r0

20200616-r0

20201110-r0

20201112-r0

20210216-r0

20210608-r0

20220207-r0

20220419-r0

20220510-r0

20220809-r0

20221108-r0

20230214-r0

20230512-r0

20230516a-r0

20230613-r0

20230808-r0

20231114-r0

20240312-r0

20240514-r0

20240813-r0

20240910-r0

20241112-r0

20250211-r0

20250512-r0

20250812-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-31648.json"

Alpine:v3.21 / intel-ucode

Package

Name: intel-ucode
Purl: pkg:apk/alpine/intel-ucode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20260210-r0

Affected versions

Other

20130222-r0

20170511-r0

20180108-r0

20180312-r0

20180807a-r0

20180807a-r1

20180807a-r2

20190514a-r0

20190618-r0

20190918-r0

20191112-r0

20191113-r0

20191115-r0

20200508-r0

20200520-r0

20200609-r0

20200616-r0

20201110-r0

20201112-r0

20210216-r0

20210608-r0

20220207-r0

20220419-r0

20220510-r0

20220809-r0

20221108-r0

20230214-r0

20230512-r0

20230516a-r0

20230613-r0

20230808-r0

20231114-r0

20240312-r0

20240514-r0

20240531-r0

20240813-r0

20240910-r0

20241029-r0

20241112-r0

20250211-r0

20250512-r0

20250812-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-31648.json"

Alpine:v3.22 / intel-ucode

Package

Name: intel-ucode
Purl: pkg:apk/alpine/intel-ucode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20260210-r0

Affected versions

Other

20130222-r0

20170511-r0

20180108-r0

20180312-r0

20180807a-r0

20180807a-r1

20180807a-r2

20190514a-r0

20190618-r0

20190918-r0

20191112-r0

20191113-r0

20191115-r0

20200508-r0

20200520-r0

20200609-r0

20200616-r0

20201110-r0

20201112-r0

20210216-r0

20210608-r0

20220207-r0

20220419-r0

20220510-r0

20220809-r0

20221108-r0

20230214-r0

20230512-r0

20230516a-r0

20230613-r0

20230808-r0

20231114-r0

20240312-r0

20240514-r0

20240531-r0

20240813-r0

20240910-r0

20241029-r0

20241112-r0

20250211-r0

20250512-r0

20250812-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-31648.json"

Alpine:v3.23 / intel-ucode

Package

Name: intel-ucode
Purl: pkg:apk/alpine/intel-ucode?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20260210-r0

Affected versions

Other

20130222-r0

20170511-r0

20180108-r0

20180312-r0

20180807a-r0

20180807a-r1

20180807a-r2

20190514a-r0

20190618-r0

20190918-r0

20191112-r0

20191113-r0

20191115-r0

20200508-r0

20200520-r0

20200609-r0

20200616-r0

20201110-r0

20201112-r0

20210216-r0

20210608-r0

20220207-r0

20220419-r0

20220510-r0

20220809-r0

20221108-r0

20230214-r0

20230512-r0

20230516a-r0

20230613-r0

20230808-r0

20231114-r0

20240312-r0

20240514-r0

20240531-r0

20240813-r0

20240910-r0

20241029-r0

20241112-r0

20250211-r0

20250512-r0

20250812-r0

20251111-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-31648.json"