{"id":"MGASA-2026-0043","summary":"Updated microcode packages fix security vulnerabilities","details":"The updated package updates AMD CPUs microcodes and fixes security\nvulnerabilities in Intel CPUs microcodes:\nIncorrect behavior order in transition between executive monitor and SMI\ntransfer monitor (STM) in some Intel(R) Processor may allow a privileged\nuser to potentially enable escalation of privilege via local access.\n(CVE-2024-24853)\nImproper handling of values in the microcode flow for some Intel(R)\nProcessor Family may allow an escalation of privilege. Startup code and\nsmm adversary with a privileged user combined with a high complexity\nattack may enable escalation of privilege. This result may potentially\noccur via local access when attack requirements are present with special\ninternal knowledge and requires no user interaction. The potential\nvulnerability may impact the confidentiality (low), integrity (low) and\navailability (none) of the vulnerable system, resulting in subsequent\nsystem confidentiality (low), integrity (low) and availability (none)\nimpacts. (CVE-2025-31648)\n","modified":"2026-04-16T00:12:03.504224674Z","published":"2026-02-18T16:17:22Z","upstream":["CVE-2024-24853","CVE-2025-31648"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0043.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35130"},{"type":"WEB","url":"https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1"}],"affected":[{"package":{"name":"microcode","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/microcode?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20260210-1.mga9.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0043.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}