An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1440 Final 1.0 1.0 2026-02-28 Initial 2026-02-28 2026-02-28 openEuler SA Tool V1.0 2026-02-28 microcode_ctl security update An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4 This is a tool to transform and deploy microcode update for x86 CPUs. Security Fix(es): Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.(CVE-2025-31648) An update for microcode_ctl is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low microcode_ctl https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1440 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-31648 https://nvd.nist.gov/vuln/detail/CVE-2025-31648 openEuler-20.03-LTS-SP4 microcode_ctl-20260210.1-1.oe2003sp4.src.rpm microcode_ctl-20260210.1-1.oe2003sp4.x86_64.rpm Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts. 2026-02-28 CVE-2025-31648 openEuler-20.03-LTS-SP4 Low 3.9 AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N microcode_ctl security update 2026-02-28 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1440