CVE-2025-31648
Publication date 12 February 2026
Last updated 12 February 2026
Ubuntu priority
Description
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
Read the notes from the security team
Why is this CVE low priority?
High complexity local attack with special internal knowledge needed
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| intel-microcode | 25.10 questing |
Vulnerable
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Vulnerable
|
|
| 20.04 LTS focal |
Vulnerable
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial |
Vulnerable
|
|
| 14.04 LTS trusty | Ignored see Notes |
Notes
rodrigo-zaiden
trusty cannot use intel-microcode during early boot and is therefore generally not updated.