Bug 35130 - microcode new security issues CVE-2024-24853 and CVE-2025-31648
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-02-12 13:40 CET by Nicolas Salguero
Modified: 2026-02-18 17:18 CET

See Also:
Source RPM: microcode-0.20251111-1.mga9.nonfree.src.rpm
CVE: CVE-2024-24853, CVE-2025-31648
Status comment:



Description Nicolas Salguero 2026-02-12 13:40:38 CET
The issues are fixed upstream in 20260210:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1

Nicolas Salguero 2026-02-12 13:42:54 CET

CVE: (none) => CVE-2024-24853, CVE-2025-31648
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => microcode-0.20251111-3.mga10.nonfree.src.rpm, microcode-0.20251111-1.mga9.nonfree.src.rpm
Flags: (none) => affects_mga9+

Nicolas Salguero 2026-02-12 13:44:27 CET

Assignee: bugsquad => nicolas.salguero

Comment 1 Nicolas Salguero 2026-02-15 11:03:54 CET
Suggested advisory:
========================

The updated package updates AMD CPU microcode and fixes security vulnerabilities in Intel CPU microcode:

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853)

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts. (CVE-2025-31648)

References:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1
========================

Updated package in nonfree/updates_testing:
========================
microcode-0.20260210-1.mga9.nonfree

from SRPM:
microcode-0.20260210-1.mga9.nonfree.src.rpm

Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Source RPM: microcode-0.20251111-3.mga10.nonfree.src.rpm, microcode-0.20251111-1.mga9.nonfree.src.rpm => microcode-0.20251111-1.mga9.nonfree.src.rpm
Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 9

Nicolas Salguero 2026-02-15 11:04:01 CET

Flags: affects_mga9+ => (none)

Comment 2 Nicolas Salguero 2026-02-15 11:04:29 CET
For Cauldron, I asked for a freeze move.

PC LX 2026-02-15 11:20:35 CET

CC: (none) => mageia

Comment 3 Herman Viaene 2026-02-16 11:20:46 CET
MGA9-64 server Plasma Wayland on Compaq H000SB
Processor dual
AMD E1-2100 APU with Radeon(TM) HD Graphics
No installation issues.
Rebooted after installation, no obvious problems with wifi, internet, sound, pictures, office documents.

CC: (none) => herman.viaene

Comment 4 Brian Rockwell 2026-02-16 15:21:45 CET
MGA9-64, Plasma, Ryzen 5600, nvidia RTX 3050


Update microcode


--rebooted

$ nvidia-smi
Mon Feb 16 08:16:14 2026       
+-----------------------------------------------------------------------------------------+
| NVIDIA-SMI 580.119.02             Driver Version: 580.119.02     CUDA Version: 13.0     |
+-----------------------------------------+------------------------+----------------------+
| GPU  Name                 Persistence-M | Bus-Id          Disp.A | Volatile Uncorr. ECC |
| Fan  Temp   Perf          Pwr:Usage/Cap |           Memory-Usage | GPU-Util  Compute M. |
|                                         |                        |               MIG M. |
|=========================================+========================+======================|
|   0  NVIDIA GeForce RTX 3050        Off |   00000000:05:00.0  On |                  N/A |
| 30%   29C    P8              8W /   70W |     535MiB /   6144MiB |      0%      Default |
|                                         |                        |                  N/A |
+-----------------------------------------+------------------------+----------------------+




so far system is behaving

CC: (none) => brtians1

Comment 5 PC LX 2026-02-16 17:26:20 CET
Installed and tested without issues.

Tested for about a day of workstation usage with an AMD Ryzen 5 5600G CPU.
No issues noticed.



System: Mageia 9, x86_64, Plasma DE, Xorg, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.



$ uname -a
Linux jupiter 6.6.120-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 01:59:53 UTC 2026 x86_64 GNU/Linux
$ dmesg | grep microcode
[    0.525575] microcode: Current revision: 0x0a500012
[    0.525587] microcode: Updated early from: 0x0a50000d
[    0.525697] microcode: Microcode Update Driver: v2.2.
$ rpm -q microcode
microcode-0.20260210-1.mga9.nonfree

katnatek 2026-02-16 19:25:00 CET

Keywords: (none) => advisory

Comment 6 katnatek 2026-02-16 20:15:35 CET
RH x86_64

installing microcode-0.20260210-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ###################################################################################################
      1/1: microcode             ###################################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20251111-1.mga9.nonfree.noarch
                                 ###################################################################################################

Reboot
journalctl -xb | grep microcode
feb 16 13:03:48 jgrey.phoenix kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
feb 16 13:03:48 jgrey.phoenix kernel: microcode: Current revision: 0x00000007
feb 16 13:03:48 jgrey.phoenix kernel: microcode: Updated early from: 0x00000003

I do not see the line "microcode: Microcode Update Driver: v2.2." as in the previous
round (https://bugs.mageia.org/show_bug.cgi?id=34768#c3), but I did not detect any issues.

Comment 7 Morgan Leijström 2026-02-16 23:08:09 CET
OK x86_64 on AMD Ryzen 5 2600X
My newer workstation machine. Plasma.
GPU nvidia GTX 1070Ti, nvidia470 

$ sudo journalctl -xb | grep microcode
[sudo] lösenord för morgan: 
feb 16 14:52:10 svarten.tribun kernel: microcode: Current revision: 0x0800820e

CC: (none) => fri

Comment 8 katnatek 2026-02-17 19:39:30 CET
RH i586

installing microcode-0.20260210-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/i586
Preparing...                     #######################################################################################
      1/1: microcode             #######################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20251111-1.mga9.nonfree.noarch
                                 #######################################################################################

Reboot

journalctl -xb | grep microcode
feb 17 12:31:08 cefiro kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
feb 17 12:31:09 cefiro kernel: microcode: Current revision: 0x000000a4
feb 17 12:31:09 cefiro kernel: microcode: Updated early from: 0x000000a3

Similar to https://bugs.mageia.org/show_bug.cgi?id=34768#c4, but as on
x86_64 I do not see the "microcode: Microcode Update Driver: v2.2." line.
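
The testers above confirm the update by grepping the kernel log for the `microcode:` lines after a reboot. The following is an added example, not part of the bug report or the package: a hypothetical `microcode_status` function that summarises those lines, run here on constructed sample input modelled on the log format quoted in the comments.

```shell
#!/bin/sh
# Added example: summarise the kernel's microcode lines after a reboot.
# Reads kernel log text on stdin, e.g.:  journalctl -k -b | microcode_status
# Prints one line:
#   updated <old> -> <new>     an early update replaced <old> at boot
#   no-early-update <rev>      only the running revision was logged
#   unknown                    no microcode revision line found
# A trailing "mds=no-microcode" is appended when the kernel logged the MDS
# state "Vulnerable: Clear CPU buffers attempted, no microcode".
microcode_status() {
    awk '
        # Revision the CPU is running now (last field is the hex value).
        /microcode: Current revision:/   { cur = $NF }
        # Logged only when the early loader replaced an older revision.
        /microcode: Updated early from:/ { old = $NF }
        # Kernel MDS state: buffer clearing is attempted, but the loaded
        # microcode does not provide the support that makes it effective.
        /MDS: Vulnerable: .*no microcode/ { mds = 1 }
        END {
            if (cur == "")      s = "unknown"
            else if (old != "") s = "updated " old " -> " cur
            else                s = "no-early-update " cur
            if (mds) s = s " mds=no-microcode"
            print s
        }'
}

# Constructed sample input (hostname "host" is a placeholder).
sample_updated='feb 17 12:31:08 host kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
feb 17 12:31:09 host kernel: microcode: Current revision: 0x000000a4
feb 17 12:31:09 host kernel: microcode: Updated early from: 0x000000a3'
sample_unchanged='feb 16 14:52:10 host kernel: microcode: Current revision: 0x0800820e'

printf '%s\n' "$sample_updated"   | microcode_status
printf '%s\n' "$sample_unchanged" | microcode_status
```

The same function accepts `dmesg` output, since it only looks at the last field of each matching line.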

Comment 9 Thomas Andrews 2026-02-17 19:40:57 CET
According to the reference, I don't have any of the processors that are affected by this update. 

However, I installed it on two machines, one with an Intel i5-7500; the other with an AMD A8-4555. No ill effects noticed on either after two days of use.

Comment 10 Thomas Andrews 2026-02-18 13:21:56 CET
Good enough. Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK MGA9-32-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 11 Mageia Robot 2026-02-18 17:18:11 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0043.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

