{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-13T21:03:09Z",
  "bugzilla" : {
    "description" : "microcode_ctl: Exposure of sensitive information",
    "id" : "2366159",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2366159"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-1423",
  "details" : [ "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10111",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "microcode_ctl-2:2.1-53.26.el7_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10108",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "microcode_ctl-2:2.1-73.24.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10991",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20250512-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10126",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20250512.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10107",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "microcode_ctl-4:20210216-1.20250512.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10109",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10109",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10109",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10162",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "microcode_ctl-4:20220809-2.20250512.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10162",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "microcode_ctl-4:20220809-2.20250512.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-06-24T00:00:00Z",
    "advisory" : "RHBA-2025:9433",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "microcode_ctl-4:20250211-1.20250512.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10103",
    "cpe" : "cpe:/o:redhat:rhel_e4s:9.0",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10102",
    "cpe" : "cpe:/o:redhat:rhel_e4s:9.2",
    "package" : "microcode_ctl-4:20220809-2.20250512.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10101",
    "cpe" : "cpe:/o:redhat:rhel_eus:9.4",
    "package" : "microcode_ctl-4:20230808-2.20250512.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-43420\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43420\nhttps://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" ],
  "name" : "CVE-2024-43420",
  "csaw" : false
}