Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-35979 (GCVE-0-2025-35979)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:35 – Updated: 2026-05-12 17:06
VLAI
EPSS
Summary
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information Disclosure
- CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Processors |
Affected:
See references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-35979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T16:59:25.435200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:06:38.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en"
},
{
"cweId": "CWE-1423",
"description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:35:09.865Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2025-35979",
"datePublished": "2026-05-12T16:35:09.865Z",
"dateReserved": "2025-04-15T21:20:16.409Z",
"dateUpdated": "2026-05-12T17:06:38.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-35979",
"date": "2026-06-16",
"epss": "0.00096",
"percentile": "0.00913"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-35979\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2026-05-12T17:16:13.347\",\"lastModified\":\"2026-05-13T15:52:56.850\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"references\":[{\"url\":\"https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html\",\"source\":\"secure@intel.com\"}]}}"
}
}
FKIE_CVE-2025-35979
Vulnerability from fkie_nvd - Published: 2026-05-12 17:16 - Updated: 2026-05-13 15:52
Severity
Summary
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts."
}
],
"id": "CVE-2025-35979",
"lastModified": "2026-05-13T15:52:56.850",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@intel.com",
"type": "Secondary"
}
]
},
"published": "2026-05-12T17:16:13.347",
"references": [
{
"source": "secure@intel.com",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Awaiting Analysis"
}
GHSA-F5VW-X3GP-VR4C
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
Severity
{
"affected": [],
"aliases": [
"CVE-2025-35979"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T17:16:13Z",
"severity": "MODERATE"
},
"details": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.",
"id": "GHSA-f5vw-x3gp-vr4c",
"modified": "2026-05-12T18:30:38Z",
"published": "2026-05-12T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35979"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
OPENSUSE-SU-2026:10783-1
Vulnerability from csaf_opensuse - Published: 2026-05-14 00:00 - Updated: 2026-05-14 00:00Summary
ucode-intel-20260512-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ucode-intel-20260512-1.1 on GA media
Description of the patch: These are all security issues fixed in the ucode-intel-20260512-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10783
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.7 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ucode-intel-20260512-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ucode-intel-20260512-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ucode-intel-20260512-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ucode-intel-20260512-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ucode-intel-20260512-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ucode-intel-20260512-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10783",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10783-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-35979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-35979/"
}
],
"title": "ucode-intel-20260512-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-14T00:00:00Z",
"generator": {
"date": "2026-05-14T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10783-1",
"initial_release_date": "2026-05-14T00:00:00Z",
"revision_history": [
{
"date": "2026-05-14T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260512-1.1.aarch64",
"product": {
"name": "ucode-intel-20260512-1.1.aarch64",
"product_id": "ucode-intel-20260512-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260512-1.1.ppc64le",
"product": {
"name": "ucode-intel-20260512-1.1.ppc64le",
"product_id": "ucode-intel-20260512-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260512-1.1.s390x",
"product": {
"name": "ucode-intel-20260512-1.1.s390x",
"product_id": "ucode-intel-20260512-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260512-1.1.x86_64",
"product": {
"name": "ucode-intel-20260512-1.1.x86_64",
"product_id": "ucode-intel-20260512-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260512-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20260512-1.1.aarch64"
},
"product_reference": "ucode-intel-20260512-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260512-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20260512-1.1.ppc64le"
},
"product_reference": "ucode-intel-20260512-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260512-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20260512-1.1.s390x"
},
"product_reference": "ucode-intel-20260512-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260512-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ucode-intel-20260512-1.1.x86_64"
},
"product_reference": "ucode-intel-20260512-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-35979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-35979"
}
],
"notes": [
{
"category": "general",
"text": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.aarch64",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.s390x",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-35979",
"url": "https://www.suse.com/security/cve/CVE-2025-35979"
},
{
"category": "external",
"summary": "SUSE Bug 1265189 for CVE-2025-35979",
"url": "https://bugzilla.suse.com/1265189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.aarch64",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.s390x",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.aarch64",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.ppc64le",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.s390x",
"openSUSE Tumbleweed:ucode-intel-20260512-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-35979"
}
]
}
SUSE-SU-2026:21725-1
Vulnerability from csaf_suse - Published: 2026-05-21 09:27 - Updated: 2026-05-21 09:27Summary
Security update for ucode-intel
Severity
Moderate
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues
Security issue:
- CVE-2025-35979: data leaks fixed in 20260512 release (bsc#1265189).
Non security issues:
- TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. (bsc#1249138).
- Intel CPU Microcode was updated to the 20260512 release (bsc#1265189)
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| PTL 404 | A1 | 06-cc-03/90 | | 0000011b | Intel Core Ultra Processor (Series 3)
| PTL-H 484/12Xe | A0/B0 | 06-cc-02/90 | | 0000011b | Intel Core Ultra Processor (Series 3)
### Updated Platforms
| ARL-H | A1 | 06-c5-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002d3 | 210002e0 | Xeon Scalable Gen5
| GNR-AP/SP | Bx/Hx/Lx | 06-ad-01/95 | 01000405 | 01000423 | Xeon 6900/6700/6500 Series Processors with P-Cores
| GNR-D | B0/B1 | 06-ae-01/97 | 01000303 | 01000307 | Xeon 6700P-B/6500P-B Series SoC with P-Cores
| GNR-SP R1S | Bx/Hx/Lx | 06-ad-01/20 | 0a000133 | 0a000142 | Xeon 6700/6500-Series Processors with P-Cores
| LNL | B0 | 06-bd-01/80 | 00000125 | 00000126 | Core Ultra 200 V Series Processor
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4
| SRF-AP/SP | C0 | 06-af-03/01 | 03000382 | 030003a3 | Xeon 6900/6700-Series Processors with E-Cores
Patchnames: SUSE-SLE-Micro-6.0-719
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.7 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:ucode-intel-20260512-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues\n\nSecurity issue:\n\n- CVE-2025-35979: data leaks fixed in 20260512 release (bsc#1265189).\n\nNon security issues:\n\n- TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. (bsc#1249138).\n- Intel CPU Microcode was updated to the 20260512 release (bsc#1265189)\n ### New Platforms\n | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n |:---------------|:---------|:------------|:---------|:---------|:---------\n | PTL 404 | A1 | 06-cc-03/90 | | 0000011b | Intel Core Ultra Processor (Series 3)\n | PTL-H 484/12Xe | A0/B0 | 06-cc-02/90 | | 0000011b | Intel Core Ultra Processor (Series 3)\n ### Updated Platforms\n | ARL-H | A1 | 06-c5-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)\n | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)\n | EMR-SP | A1 | 06-cf-02/87 | 210002d3 | 210002e0 | Xeon Scalable Gen5\n | GNR-AP/SP | Bx/Hx/Lx | 06-ad-01/95 | 01000405 | 01000423 | Xeon 6900/6700/6500 Series Processors with P-Cores\n | GNR-D | B0/B1 | 06-ae-01/97 | 01000303 | 01000307 | Xeon 6700P-B/6500P-B Series SoC with P-Cores\n | GNR-SP R1S | Bx/Hx/Lx | 06-ad-01/20 | 0a000133 | 0a000142 | Xeon 6700/6500-Series Processors with P-Cores\n | LNL | B0 | 06-bd-01/80 | 00000125 | 00000126 | Core Ultra 200 V Series Processor\n | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4\n | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4\n | SRF-AP/SP | C0 | 06-af-03/01 | 03000382 | 030003a3 | Xeon 6900/6700-Series Processors with E-Cores\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-719",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21725-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21725-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621725-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21725-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046692.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230400",
"url": "https://bugzilla.suse.com/1230400"
},
{
"category": "self",
"summary": "SUSE Bug 1249138",
"url": "https://bugzilla.suse.com/1249138"
},
{
"category": "self",
"summary": "SUSE Bug 1253319",
"url": "https://bugzilla.suse.com/1253319"
},
{
"category": "self",
"summary": "SUSE Bug 1265189",
"url": "https://bugzilla.suse.com/1265189"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-35979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-35979/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2026-05-21T09:27:26Z",
"generator": {
"date": "2026-05-21T09:27:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21725-1",
"initial_release_date": "2026-05-21T09:27:26Z",
"revision_history": [
{
"date": "2026-05-21T09:27:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260512-1.1.x86_64",
"product": {
"name": "ucode-intel-20260512-1.1.x86_64",
"product_id": "ucode-intel-20260512-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260512-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:ucode-intel-20260512-1.1.x86_64"
},
"product_reference": "ucode-intel-20260512-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-35979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-35979"
}
],
"notes": [
{
"category": "general",
"text": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:ucode-intel-20260512-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-35979",
"url": "https://www.suse.com/security/cve/CVE-2025-35979"
},
{
"category": "external",
"summary": "SUSE Bug 1265189 for CVE-2025-35979",
"url": "https://bugzilla.suse.com/1265189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:ucode-intel-20260512-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:ucode-intel-20260512-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-21T09:27:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-35979"
}
]
}
SUSE-SU-2026:21897-1
Vulnerability from csaf_suse - Published: 2026-05-22 09:37 - Updated: 2026-05-22 09:37Summary
Security update for ucode-intel
Severity
Moderate
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues
Security issue:
- CVE-2025-35979: data leaks fixed in 20260512 release (bsc#1265189).
Non security issues:
- TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. (bsc#1249138).
- Intel CPU Microcode was updated to the 20260512 release (bsc#1265189)
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| PTL 404 | A1 | 06-cc-03/90 | | 0000011b | Intel Core Ultra Processor (Series 3)
| PTL-H 484/12Xe | A0/B0 | 06-cc-02/90 | | 0000011b | Intel Core Ultra Processor (Series 3)
### Updated Platforms
| ARL-H | A1 | 06-c5-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002d3 | 210002e0 | Xeon Scalable Gen5
| GNR-AP/SP | Bx/Hx/Lx | 06-ad-01/95 | 01000405 | 01000423 | Xeon 6900/6700/6500 Series Processors with P-Cores
| GNR-D | B0/B1 | 06-ae-01/97 | 01000303 | 01000307 | Xeon 6700P-B/6500P-B Series SoC with P-Cores
| GNR-SP R1S | Bx/Hx/Lx | 06-ad-01/20 | 0a000133 | 0a000142 | Xeon 6700/6500-Series Processors with P-Cores
| LNL | B0 | 06-bd-01/80 | 00000125 | 00000126 | Core Ultra 200 V Series Processor
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4
| SRF-AP/SP | C0 | 06-af-03/01 | 03000382 | 030003a3 | Xeon 6900/6700-Series Processors with E-Cores
Patchnames: SUSE-SLE-Micro-6.1-545
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.7 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:ucode-intel-20260512-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues\n\nSecurity issue:\n\n- CVE-2025-35979: data leaks fixed in 20260512 release (bsc#1265189).\n\nNon security issues:\n\n- TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. (bsc#1249138).\n- Intel CPU Microcode was updated to the 20260512 release (bsc#1265189)\n ### New Platforms\n | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n |:---------------|:---------|:------------|:---------|:---------|:---------\n | PTL 404 | A1 | 06-cc-03/90 | | 0000011b | Intel Core Ultra Processor (Series 3)\n | PTL-H 484/12Xe | A0/B0 | 06-cc-02/90 | | 0000011b | Intel Core Ultra Processor (Series 3)\n ### Updated Platforms\n | ARL-H | A1 | 06-c5-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)\n | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 0000011b | 00000121 | Core Ultra Processor (Series 2)\n | EMR-SP | A1 | 06-cf-02/87 | 210002d3 | 210002e0 | Xeon Scalable Gen5\n | GNR-AP/SP | Bx/Hx/Lx | 06-ad-01/95 | 01000405 | 01000423 | Xeon 6900/6700/6500 Series Processors with P-Cores\n | GNR-D | B0/B1 | 06-ae-01/97 | 01000303 | 01000307 | Xeon 6700P-B/6500P-B Series SoC with P-Cores\n | GNR-SP R1S | Bx/Hx/Lx | 06-ad-01/20 | 0a000133 | 0a000142 | Xeon 6700/6500-Series Processors with P-Cores\n | LNL | B0 | 06-bd-01/80 | 00000125 | 00000126 | Core Ultra 200 V Series Processor\n | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4\n | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000661 | 2b000670 | Xeon Scalable Gen4\n | SRF-AP/SP | C0 | 06-af-03/01 | 03000382 | 030003a3 | Xeon 6900/6700-Series Processors with E-Cores\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-545",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21897-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21897-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621897-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21897-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026495.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230400",
"url": "https://bugzilla.suse.com/1230400"
},
{
"category": "self",
"summary": "SUSE Bug 1249138",
"url": "https://bugzilla.suse.com/1249138"
},
{
"category": "self",
"summary": "SUSE Bug 1253319",
"url": "https://bugzilla.suse.com/1253319"
},
{
"category": "self",
"summary": "SUSE Bug 1265189",
"url": "https://bugzilla.suse.com/1265189"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-35979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-35979/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2026-05-22T09:37:17Z",
"generator": {
"date": "2026-05-22T09:37:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21897-1",
"initial_release_date": "2026-05-22T09:37:17Z",
"revision_history": [
{
"date": "2026-05-22T09:37:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260512-slfo.1.1_1.1.x86_64",
"product": {
"name": "ucode-intel-20260512-slfo.1.1_1.1.x86_64",
"product_id": "ucode-intel-20260512-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260512-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:ucode-intel-20260512-slfo.1.1_1.1.x86_64"
},
"product_reference": "ucode-intel-20260512-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-35979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-35979"
}
],
"notes": [
{
"category": "general",
"text": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:ucode-intel-20260512-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-35979",
"url": "https://www.suse.com/security/cve/CVE-2025-35979"
},
{
"category": "external",
"summary": "SUSE Bug 1265189 for CVE-2025-35979",
"url": "https://bugzilla.suse.com/1265189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:ucode-intel-20260512-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:ucode-intel-20260512-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-22T09:37:17Z",
"details": "moderate"
}
],
"title": "CVE-2025-35979"
}
]
}
WID-SEC-W-2026-1480
Vulnerability from csaf_certbund - Published: 2026-05-12 22:00 - Updated: 2026-06-02 22:00Summary
Intel Prozessor: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Prozessor ist das zentrale Rechenwerk eines Computers.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Prozessor ausnutzen, um erweiterte Privilegien zu erlangen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Intel Prozessor Ultra (Series 2)
Intel / Prozessor
|
cpe:/h:intel:intel_prozessor:ultra_%28series_2%29
|
Ultra (Series 2) | |
|
Intel Prozessor Ultra (Series 3)
Intel / Prozessor
|
cpe:/h:intel:intel_prozessor:ultra_%28series_3%29
|
Ultra (Series 3) | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Intel Prozessor Ultra 200S Series
Intel / Prozessor
|
cpe:/h:intel:intel_prozessor:ultra_200s_series
|
Ultra 200S Series | |
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
HPE Synergy 480 Gen11 Compute Module
HPE / Synergy
|
cpe:/h:hpe:synergy:480_gen11_compute_module
|
480 Gen11 Compute Module |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
HPE Synergy 480 Gen11 Compute Module
HPE / Synergy
|
cpe:/h:hpe:synergy:480_gen11_compute_module
|
480 Gen11 Compute Module | |
|
Intel Prozessor 4th Generation Xeon Scalable
Intel / Prozessor
|
cpe:/h:intel:intel_prozessor:4th_generation_xeon_scalable
|
4th Generation Xeon Scalable | |
|
Intel Prozessor 5th Generation Xeon Scalable
Intel / Prozessor
|
cpe:/h:intel:intel_prozessor:5th_generation_xeon_scalable
|
5th Generation Xeon Scalable |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Intel Prozessor Slim Bootloader
Intel / Prozessor
|
cpe:/h:intel:intel_prozessor:slim_bootloader
|
Slim Bootloader | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
HPE Synergy 480 Gen11 Compute Module
HPE / Synergy
|
cpe:/h:hpe:synergy:480_gen11_compute_module
|
480 Gen11 Compute Module |
References
11 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Prozessor ausnutzen, um erweiterte Privilegien zu erlangen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1480 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1480.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1480 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1480"
},
{
"category": "external",
"summary": "Intel Security Advisory INTEL-SA-01425 vom 2026-05-12",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01425.html"
},
{
"category": "external",
"summary": "Intel Security Advisory INTEL-SA-01420 vom 2026-05-12",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html"
},
{
"category": "external",
"summary": "Intel Security Advisory INTEL-SA-01413 vom 2026-05-12",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01413.html"
},
{
"category": "external",
"summary": "HP Security Bulletin HPESBHF05052 vom 2026-05-12",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf05052en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-118 vom 2026-05-14",
"url": "https://www.dell.com/support/kbdoc/000432933"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21725-1 vom 2026-05-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026246.html"
},
{
"category": "external",
"summary": "HP Security Bulletin HPESBHF05053 vom 2026-05-25",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf05053en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBHF04115 vom 2026-05-20",
"url": "https://support.hp.com/de-de/document/ish_14918853-14919391-16/HPSBHF04115"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21897-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026495.html"
}
],
"source_lang": "en-US",
"title": "Intel Prozessor: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-02T22:00:00.000+00:00",
"generator": {
"date": "2026-06-03T06:02:27.514+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1480",
"initial_release_date": "2026-05-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE und HP aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T006498",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "HP Computer",
"product": {
"name": "HP Computer",
"product_id": "T054617",
"product_identification_helper": {
"cpe": "cpe:/h:hp:computer:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE ProLiant",
"product": {
"name": "HPE ProLiant",
"product_id": "T027705",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "480 Gen11 Compute Module",
"product": {
"name": "HPE Synergy 480 Gen11 Compute Module",
"product_id": "T053895",
"product_identification_helper": {
"cpe": "cpe:/h:hpe:synergy:480_gen11_compute_module"
}
}
}
],
"category": "product_name",
"name": "Synergy"
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Slim Bootloader",
"product": {
"name": "Intel Prozessor Slim Bootloader",
"product_id": "T043598",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:slim_bootloader"
}
}
},
{
"category": "product_version",
"name": "Ultra 200S Series",
"product": {
"name": "Intel Prozessor Ultra 200S Series",
"product_id": "T053879",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:ultra_200s_series"
}
}
},
{
"category": "product_version",
"name": "Ultra (Series 2)",
"product": {
"name": "Intel Prozessor Ultra (Series 2)",
"product_id": "T053880",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:ultra_%28series_2%29"
}
}
},
{
"category": "product_version",
"name": "Ultra (Series 3)",
"product": {
"name": "Intel Prozessor Ultra (Series 3)",
"product_id": "T053881",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:ultra_%28series_3%29"
}
}
},
{
"category": "product_version",
"name": "4th Generation Xeon Scalable",
"product": {
"name": "Intel Prozessor 4th Generation Xeon Scalable",
"product_id": "T053882",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:4th_generation_xeon_scalable"
}
}
},
{
"category": "product_version",
"name": "5th Generation Xeon Scalable",
"product": {
"name": "Intel Prozessor 5th Generation Xeon Scalable",
"product_id": "T053883",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:5th_generation_xeon_scalable"
}
}
}
],
"category": "product_name",
"name": "Prozessor"
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T054591",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-35979",
"product_status": {
"known_affected": [
"T006498",
"T053880",
"T053881",
"T027705",
"T054591",
"T053879",
"T054617",
"T053895"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2025-35979"
},
{
"cve": "CVE-2025-35991",
"product_status": {
"known_affected": [
"T006498",
"T027705",
"T054591",
"T054617",
"T053895",
"T053882",
"T053883"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2025-35991"
},
{
"cve": "CVE-2026-20753",
"product_status": {
"known_affected": [
"T006498",
"T043598",
"T027705",
"T054591",
"T054617",
"T053895"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2026-20753"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…