Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2026-01872

Опубликовано: 10 фев. 2026
Источник: fstec
CVSS3: 3.9
CVSS2: 2.4
EPSS Низкий

Описание

Уязвимость микропрограммного обеспечения процессоров Intel связана с неправильной обработкой значений. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Вендор

Intel Corp.

Наименование ПО

Intel Xeon W Processor
Intel Celeron Processor Family
10th Generation Intel Core Processor Family
12th Generation Intel Core Processor Family
Intel Xeon E-2300 Processor Family
Intel Xeon W-1300 processor family
11th Generation Intel Core Processor Family
Intel Core i7-11850he
Intel Core i7-1185g7e
Intel Core i7-1185gre
Intel Core i5-11500he
Intel Core i5-1145g7e
Intel Core i5-1145gre
Intel Core i3-11100he
Intel Core i3-1115g4e
Intel Core i3-1115gre
13th Generation Intel Core Processor Family
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Silver Processor
4th Generation Intel Xeon Bronze Processor
14th Generation Intel Core Processor Family
5th Generation Intel Xeon Scalable processors
Intel Pentium Processor G7400
Intel Pentium Processor G7400T
4th Gen Intel Xeon Scalable Processors
Intel Celeron 6305re
Intel Celeron 6600hle
Intel Xeon W-11155mle
Intel Xeon W-11155mre
Intel Xeon W-11555mre
Intel Xeon W-11865mle
Intel Xeon W-11865mre
Intel Pentium Gold Processor Family
3rd Generation Intel Xeon Scalable Processor Family
13th Generation Intel Core i7 processors
Intel Xeon D Processor
Intel Core Ultra Processors (Series 2)
Intel Core Ultra Processor (Series 1)
Intel Xeon CPU Max Series processor
Intel Xeon 6 processor with P-Cores
Intel Xeon 6700P-B Series SoC with P-Cores
Intel Xeon 6500P-B Series SoC with P-Cores

Версия ПО

- (Intel Xeon W Processor)
- (Intel Celeron Processor Family)
- (10th Generation Intel Core Processor Family)
- (12th Generation Intel Core Processor Family)
- (Intel Xeon E-2300 Processor Family)
- (Intel Xeon W-1300 processor family)
- (11th Generation Intel Core Processor Family)
- (Intel Core i7-11850he)
- (Intel Core i7-1185g7e)
- (Intel Core i7-1185gre)
- (Intel Core i5-11500he)
- (Intel Core i5-1145g7e)
- (Intel Core i5-1145gre)
- (Intel Core i3-11100he)
- (Intel Core i3-1115g4e)
- (Intel Core i3-1115gre)
- (13th Generation Intel Core Processor Family)
- (4th Generation Intel Xeon Platinum processors)
- (4th Generation Intel Xeon Gold Processors)
- (4th Generation Intel Xeon Silver Processor)
- (4th Generation Intel Xeon Bronze Processor)
- (14th Generation Intel Core Processor Family)
- (5th Generation Intel Xeon Scalable processors)
- (Intel Pentium Processor G7400)
- (Intel Pentium Processor G7400T)
- (4th Gen Intel Xeon Scalable Processors)
- (Intel Celeron 6305re)
- (Intel Celeron 6600hle)
- (Intel Xeon W-11155mle)
- (Intel Xeon W-11155mre)
- (Intel Xeon W-11555mre)
- (Intel Xeon W-11865mle)
- (Intel Xeon W-11865mre)
- (Intel Pentium Gold Processor Family)
- (3rd Generation Intel Xeon Scalable Processor Family)
- (13th Generation Intel Core i7 processors)
- (Intel Xeon D Processor)
- (Intel Core Ultra Processors (Series 2))
- (Intel Core Ultra Processor (Series 1))
- (Intel Xeon CPU Max Series processor)
- (Intel Xeon 6 processor with P-Cores)
- (Intel Xeon 6700P-B Series SoC with P-Cores)
- (Intel Xeon 6500P-B Series SoC with P-Cores)

Тип ПО

Микропрограммный код
ПО программно-аппаратного средства
Микропрограммный код аппаратных компонентов компьютера

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Низкий уровень опасности (базовая оценка CVSS 2.0 составляет 2,4)
Низкий уровень опасности (базовая оценка CVSS 3.1 составляет 3,9)
Низкий уровень опасности (оценка CVSS 4.0 составляет 1,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 3%
0.00133
Низкий

3.9 Low

CVSS3

2.4 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2025-31648

CVSS3: 3.9
ubuntu
5 месяцев назад

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

redhat логотип

CVE-2025-31648

CVSS3: 2.5
redhat
5 месяцев назад

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

nvd логотип

CVE-2025-31648

CVSS3: 3.9
nvd
5 месяцев назад

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

debian логотип

CVE-2025-31648

CVSS3: 3.9
debian
5 месяцев назад

Improper handling of values in the microcode flow for some Intel(R) Pr ...

github логотип

GHSA-cf43-7r7r-9f4f

CVSS3: 3.9
github
5 месяцев назад

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

EPSS

Процентиль: 3%
0.00133
Низкий

3.9 Low

CVSS3

2.4 Low

CVSS2