CVE-2025-31648

Description

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

Read the notes from the security team

Why is this CVE low priority?

High complexity local attack with special internal knowledge needed

Learn more about Ubuntu priority

• How can I get the fixes?
• What do statuses mean?
• Patch details

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Notes

Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-8068-1
• Intel Microcode vulnerability
• 3 March 2026

Other references

• https://www.cve.org/CVERecord?id=CVE-2025-31648
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1
• https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html