CVE-2025-26403Out-of-bounds Write in Intel-microcode

CWE-787Out-of-bounds Write6 documents5 sources
Severity
4.5MEDIUMNVD
OSV7.0
EPSS
0.0%
top 97.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Intel-microcode
Timeline
PublishedAug 12
Latest updateNov 10

Description

Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Affected Packages1 packages

debiandebian/intel-microcode< intel-microcode 3.20250812.1~deb12u1 (bookworm)

🔴Vulnerability Details

3
OSV
intel-microcode vulnerabilities2025-11-10
OSV
CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user2025-08-12
GHSA
GHSA-7gf7-6hqr-6chr: Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user2025-08-12

📋Vendor Advisories

2
Ubuntu
Intel Microcode vulnerabilities2025-11-10
Debian
CVE-2025-26403: intel-microcode - Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processo...2025