{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43420", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2024-09-19T03:00:23.071Z", "datePublished": "2025-05-13T21:03:09.384Z", "dateUpdated": "2025-05-14T14:01:31.886Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2025-05-13T21:03:09.384Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information Disclosure"}, {"lang": "en", "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", "cweId": "CWE-1423", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel Atom(R) processors", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access."}], "references": [{"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "cvssV4_0": {"version": "4.0", "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T13:59:10.424631Z", "id": "CVE-2024-43420", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:01:31.886Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43420", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T13:59:10.424631Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:00:01.719Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 5.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel Atom(R) processors", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"}], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information Disclosure"}, {"lang": "en", "type": "CWE", "cweId": "CWE-1423", "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2025-05-13T21:03:09.384Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43420", "state": "PUBLISHED", "dateUpdated": "2025-05-14T14:01:31.886Z", "dateReserved": "2024-09-19T03:00:23.071Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2025-05-13T21:03:09.384Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "La exposici\u00f3n de informaci\u00f3n confidencial causada por un estado predictor de microarquitectura compartido que influye en la ejecuci\u00f3n transitoria de algunos procesadores Intel Atom\u00ae puede permitir que un usuario autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."}], "id": "CVE-2024-43420", "lastModified": "2025-05-16T14:43:56.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "secure@intel.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2025-05-13T21:16:01.103", "references": [{"source": "secure@intel.com", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2025:10111", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "microcode_ctl-2:2.1-53.26.el7_7.1", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10108", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "microcode_ctl-2:2.1-73.24.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10126", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "microcode_ctl-4:20191115-4.20250512.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10107", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "microcode_ctl-4:20210216-1.20250512.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10109", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "microcode_ctl-4:20220207-1.20250512.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10109", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "microcode_ctl-4:20220207-1.20250512.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10109", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "microcode_ctl-4:20220207-1.20250512.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10162", "cpe": "cpe:/o:redhat:rhel_tus:8.8", "package": "microcode_ctl-4:20220809-2.20250512.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10162", "cpe": "cpe:/o:redhat:rhel_e4s:8.8", "package": "microcode_ctl-4:20220809-2.20250512.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHBA-2025:9433", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "microcode_ctl-4:20250211-1.20250512.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:10103", "cpe": "cpe:/o:redhat:rhel_e4s:9.0", "package": "microcode_ctl-4:20220207-1.20250512.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10102", "cpe": "cpe:/o:redhat:rhel_e4s:9.2", "package": "microcode_ctl-4:20220809-2.20250512.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10101", "cpe": "cpe:/o:redhat:rhel_eus:9.4", "package": "microcode_ctl-4:20230808-2.20250512.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-07-01T00:00:00Z"}], "bugzilla": {"description": "microcode_ctl: Exposure of sensitive information", "id": "2366159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366159"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-1423", "details": ["Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access."], "name": "CVE-2024-43420", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2025-05-13T21:03:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43420\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43420\nhttps://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"], "threat_severity": "Moderate"}