Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2026:20401-1

Опубликовано: 19 мар. 2026
Источник: suse-cvrf

Описание

Security update for ucode-intel

This update for ucode-intel fixes the following issues:

  • Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):

    • CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access (bsc#1229129).

    • CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege (bsc#1258046).

  • Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):

    • Update for functional issues.

  • switch the supplements to use supplements + kernel to allow moving a installation to Intel hardware (bsc#1249138)

  • Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):

    • Update for functional issues.

Список пакетов

openSUSE Leap 16.0
ucode-intel-20260210-160000.1.1

Ссылки

Описание

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.

Затронутые продукты
openSUSE Leap 16.0:ucode-intel-20260210-160000.1.1
Ссылки

Описание

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

Затронутые продукты
openSUSE Leap 16.0:ucode-intel-20260210-160000.1.1
Ссылки