CVE-2025-31648

EUVD-2025-207126
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and SMM adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 3.9 LOW | LOCAL | HIGH | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
| intel | CNA | 3.9 LOW | LOCAL | HIGH | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score (percentile): Unknown
Debian Releases

Debian Product: intel-microcode

| Codename | Version | Status |
|---|---|---|
| bookworm | | no-dsa |
| bookworm/non-free-firmware | | vulnerable |
| bookworm/non-free-firmware (security) | | vulnerable |
| bullseye | | postponed |
| bullseye/non-free | | vulnerable |
| bullseye/non-free (security) | | vulnerable |
| forky/non-free-firmware | 3.20260210.1 | fixed |
| sid/non-free-firmware | 3.20260210.1 | fixed |
| trixie | | no-dsa |
| trixie/non-free-firmware | | vulnerable |
| trixie/non-free-firmware (security) | | vulnerable |