{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-13T21:03:12Z",
  "bugzilla" : {
    "description" : "microcode_ctl: Exposure of sensitive information",
    "id" : "2366162",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2366162"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-1423",
  "details" : [ "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." ],
  "statement" : "Intel has recommended through its official advisory that users of the affected processors search their hardware vendor for firmware updates.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10111",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "microcode_ctl-2:2.1-53.26.el7_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10108",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "microcode_ctl-2:2.1-73.24.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10991",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20250512-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10126",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20250512.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10107",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "microcode_ctl-4:20210216-1.20250512.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10109",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10109",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10109",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10162",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "microcode_ctl-4:20220809-2.20250512.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10162",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "microcode_ctl-4:20220809-2.20250512.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-06-24T00:00:00Z",
    "advisory" : "RHBA-2025:9433",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "microcode_ctl-4:20250211-1.20250512.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10103",
    "cpe" : "cpe:/o:redhat:rhel_e4s:9.0",
    "package" : "microcode_ctl-4:20220207-1.20250512.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10102",
    "cpe" : "cpe:/o:redhat:rhel_e4s:9.2",
    "package" : "microcode_ctl-4:20220809-2.20250512.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-07-01T00:00:00Z",
    "advisory" : "RHSA-2025:10101",
    "cpe" : "cpe:/o:redhat:rhel_eus:9.4",
    "package" : "microcode_ctl-4:20230808-2.20250512.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-45332\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45332\nhttp://www.openwall.com/lists/oss-security/2025/05/13/7\nhttps://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" ],
  "name" : "CVE-2024-45332",
  "csaw" : false
}