Amazon Linux 2023 Security Advisory: ALAS2023-2026-1675
Advisory Released Date: 2026-05-14
Advisory Updated Date: 2026-05-14
Severity:
Low
Issue Overview:
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts. (CVE-2025-31648)
Affected Packages:
microcode_ctl
Issue Correction:
Run dnf update microcode_ctl --releasever 2023.11.20260511 or dnf update --advisory ALAS2023-2026-1675 --releasever 2023.11.20260511 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
src:
microcode_ctl-2.1-53.amzn2023.0.15.src
x86_64:
microcode_ctl-2.1-53.amzn2023.0.15.x86_64