OESA-2026-1440

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1440

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1440.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-1440

Upstream

CVE-2025-31648

Published

2026-02-28T12:44:20Z

Modified

2026-02-28T13:02:37.647580Z

Summary

microcode_ctl security update

Details

This is a tool to transform and deploy microcode update for x86 CPUs.

Security Fix(es):

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.(CVE-2025-31648)

Database specific

{
    "severity": "Low"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / microcode_ctl

Package

Name: microcode_ctl
Purl: pkg:rpm/openEuler/microcode_ctl&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20260210.1-1.oe2003sp4

Ecosystem specific

{
    "src": [
        "microcode_ctl-20260210.1-1.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "microcode_ctl-20260210.1-1.oe2003sp4.x86_64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1440.json"