{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-45332", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2024-09-19T03:00:23.104Z", "datePublished": "2025-05-13T21:03:12.207Z", "dateUpdated": "2025-11-03T19:30:52.919Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2025-05-13T21:03:12.207Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information Disclosure"}, {"lang": "en", "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", "cweId": "CWE-1423", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Processors", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "references": [{"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "cvssV4_0": {"version": "4.0", "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE"}}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/05/13/7"}, {"url": "https://comsec.ethz.ch/research/microarch/branch-privilege-injection/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:30:52.919Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T13:56:46.683867Z", "id": "CVE-2024-45332", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T13:57:24.912Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/05/13/7"}, {"url": "https://comsec.ethz.ch/research/microarch/branch-privilege-injection/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:30:52.919Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45332", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T13:56:46.683867Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T13:57:17.969Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 5.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Processors", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"}], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information Disclosure"}, {"lang": "en", "type": "CWE", "cweId": "CWE-1423", "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2025-05-13T21:03:12.207Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45332", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:30:52.919Z", "dateReserved": "2024-09-19T03:00:23.104Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2025-05-13T21:03:12.207Z", "assignerShortName": "intel"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "La exposici\u00f3n de informaci\u00f3n confidencial causada por el estado del predictor microarquitect\u00f3nico compartido que influye en la ejecuci\u00f3n transitoria en los predictores de rama indirecta para algunos Intel(R) Processors puede permitir que un usuario autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."}], "id": "CVE-2024-45332", "lastModified": "2025-11-03T20:16:30.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-05-13T21:16:01.230", "references": [{"source": "[email protected]", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/05/13/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://comsec.ethz.ch/research/microarch/branch-privilege-injection/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2025:10111", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "microcode_ctl-2:2.1-53.26.el7_7.1", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10108", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "microcode_ctl-2:2.1-73.24.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10126", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "microcode_ctl-4:20191115-4.20250512.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10107", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "microcode_ctl-4:20210216-1.20250512.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10109", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "microcode_ctl-4:20220207-1.20250512.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10109", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "microcode_ctl-4:20220207-1.20250512.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10109", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "microcode_ctl-4:20220207-1.20250512.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10162", "cpe": "cpe:/o:redhat:rhel_tus:8.8", "package": "microcode_ctl-4:20220809-2.20250512.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10162", "cpe": "cpe:/o:redhat:rhel_e4s:8.8", "package": "microcode_ctl-4:20220809-2.20250512.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHBA-2025:9433", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "microcode_ctl-4:20250211-1.20250512.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:10103", "cpe": "cpe:/o:redhat:rhel_e4s:9.0", "package": "microcode_ctl-4:20220207-1.20250512.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10102", "cpe": "cpe:/o:redhat:rhel_e4s:9.2", "package": "microcode_ctl-4:20220809-2.20250512.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10101", "cpe": "cpe:/o:redhat:rhel_eus:9.4", "package": "microcode_ctl-4:20230808-2.20250512.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-07-01T00:00:00Z"}], "bugzilla": {"description": "microcode_ctl: Exposure of sensitive information", "id": "2366162", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366162"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-1423", "details": ["Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."], "name": "CVE-2024-45332", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2025-05-13T21:03:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-45332\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45332\nhttp://www.openwall.com/lists/oss-security/2025/05/13/7\nhttps://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"], "statement": "Intel has recommended through its official advisory that users of the affected processors search their hardware vendor for firmware updates.", "threat_severity": "Moderate"}