{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Low"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"microcode_ctl security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for microcode_ctl is now available for openEuler-24.03-LTS-SP3",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"This is a tool to transform and deploy microcode update for x86 CPUs.\n\nSecurity Fix(es):\n\nImproper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.(CVE-2025-31648)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for microcode_ctl is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Low",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"microcode_ctl",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2026-1420",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1420"
			},
			{
				"summary":"CVE-2025-31648",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-31648&packageName=microcode_ctl"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31648"
			},
			{
				"summary":"openEuler-SA-2026-1420 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1420.json"
			}
		],
		"title":"An update for microcode_ctl is now available for openEuler-24.03-LTS-SP3",
		"tracking":{
			"initial_release_date":"2026-02-14T15:28:43+08:00",
			"revision_history":[
				{
					"date":"2026-02-14T15:28:43+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2026-02-14T15:28:43+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2026-02-14T15:28:43+08:00",
			"id":"openEuler-SA-2026-1420",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"openEuler-24.03-LTS-SP3",
									"name":"openEuler-24.03-LTS-SP3"
								},
								"name":"openEuler-24.03-LTS-SP3",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"microcode_ctl-20260210.1-1.oe2403sp3.src.rpm",
									"name":"microcode_ctl-20260210.1-1.oe2403sp3.src.rpm"
								},
								"name":"microcode_ctl-20260210.1-1.oe2403sp3.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"microcode_ctl-20260210.1-1.oe2403sp3.x86_64.rpm",
									"name":"microcode_ctl-20260210.1-1.oe2403sp3.x86_64.rpm"
								},
								"name":"microcode_ctl-20260210.1-1.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"microcode_ctl-20260210.1-1.oe2403sp3.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.src",
					"name":"microcode_ctl-20260210.1-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"microcode_ctl-20260210.1-1.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.x86_64",
					"name":"microcode_ctl-20260210.1-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2025-31648",
			"notes":[
				{
					"text":"Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.src",
					"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.src",
						"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.x86_64"
					],
					"details":"microcode_ctl security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1420"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":3.9,
						"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.src",
						"openEuler-24.03-LTS-SP3:microcode_ctl-20260210.1-1.oe2403sp3.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2025-31648"
		}
	]
}