Описание
Security update for ucode-intel
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)
- CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1229129)
- CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)
Список пакетов
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
Ссылки
- Link for SUSE-SU-2026:0670-1
- E-Mail link for SUSE-SU-2026:0670-1
- SUSE Security Ratings
- SUSE Bug 1229129
- SUSE Bug 1258046
- SUSE CVE CVE-2024-24853 page
- SUSE CVE CVE-2025-31648 page
Описание
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
Затронутые продукты
Ссылки
- CVE-2024-24853
- SUSE Bug 1229129
Описание
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
Затронутые продукты
Ссылки
- CVE-2025-31648
- SUSE Bug 1258046