Advisories » MGASA-2026-0043

Updated microcode packages fix security vulnerabilities

Publication date: 18 Feb 2026
Modification date: 18 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-24853 , CVE-2025-31648

Description

The updated package updates AMD CPUs microcodes and fixes security
vulnerabilities in Intel CPUs microcodes:
Incorrect behavior order in transition between executive monitor and SMI
transfer monitor (STM) in some Intel(R) Processor may allow a privileged
user to potentially enable escalation of privilege via local access.
(CVE-2024-24853)
Improper handling of values in the microcode flow for some Intel(R)
Processor Family may allow an escalation of privilege. Startup code and
smm adversary with a privileged user combined with a high complexity
attack may enable escalation of privilege. This result may potentially
occur via local access when attack requirements are present with special
internal knowledge and requires no user interaction. The potential
vulnerability may impact the confidentiality (low), integrity (low) and
availability (none) of the vulnerable system, resulting in subsequent
system confidentiality (low), integrity (low) and availability (none)
impacts. (CVE-2025-31648)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35130
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31648

SRPMS

9/nonfree

• microcode-0.20260210-1.mga9.nonfree