CVE-2025-26403: 
Linux Debian vulnerability analysis and mitigation

Out-of-bounds write vulnerability (CVE-2025-26403) was discovered in the memory subsystem affecting specific Intel(R) Xeon(R) 6 processors when utilizing Intel(R) SGX or Intel(R) TDX technologies. The vulnerability was publicly disclosed on August 12, 2025, and primarily impacts systems running these specific processor configurations (NVD Database, Ubuntu Security).

The vulnerability is classified as an out-of-bounds write (CWE-787) affecting the memory subsystem. It has received a CVSS v3.1 base score of 7.2 (High) with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N. The CVSS v4.0 assessment indicates a medium severity score of 4.5 with the vector string CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N (NVD Database).

The vulnerability can lead to escalation of privilege through local access when successfully exploited. It affects both confidentiality and integrity with high impact ratings, while availability remains unaffected according to the CVSS scoring. The scope is changed, indicating potential impacts beyond the vulnerable component (Ubuntu Security).

The vulnerability is currently under evaluation for multiple Ubuntu releases including 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS. Updates to the intel-microcode package are expected to address this vulnerability (Ubuntu Security).