Vulnerability-Lookup

WID-SEC-W-2025-1030

Vulnerability from csaf_certbund - Published: 2025-05-13 22:00 - Updated: 2026-05-05 22:00

Summary

Intel Prozessoren: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Prozessor ist das zentrale Rechenwerk eines Computers.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um seine Privilegien zu erhöhen, einen Denial-of-Service-Zustand herbeizuführen und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme: - Hardware Appliance

CVE-2025-20047

Affected products

Known affected 21 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Intel Prozessor CNVi Intel / Prozessor	`cpe:/h:intel:intel_prozessor:cnvi`	CNVi

CVE-2024-48869

Affected products

Known affected 21 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Intel Prozessor Xeon 6 E-cores Intel / Prozessor	`cpe:/h:intel:intel_prozessor:xeon_6_e-cores`	Xeon 6 E-cores
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2025-20004

Affected products

Known affected 21 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Intel Prozessor Xeon 6 E-cores Intel / Prozessor	`cpe:/h:intel:intel_prozessor:xeon_6_e-cores`	Xeon 6 E-cores
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2025-20100

Affected products

Known affected 21 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Intel Prozessor Xeon 6 E-cores Intel / Prozessor	`cpe:/h:intel:intel_prozessor:xeon_6_e-cores`	Xeon 6 E-cores
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2025-20083

Affected products

Known affected 21 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Intel Prozessor Slim Bootloader Intel / Prozessor	`cpe:/h:intel:intel_prozessor:slim_bootloader`	Slim Bootloader
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2025-20054

Affected products

Known affected 20 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2025-20103

Affected products

Known affected 20 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2024-43420

Affected products

Known affected 20 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2024-45332

Affected products

Known affected 20 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

CVE-2025-20623

Affected products

Known affected 20 products

Product	Identifier	Version
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS <13.2.3 Dell / PowerScale OneFS		<13.2.3
HP Computer HP / Computer	`cpe:/h:hp:computer:-`	—
Dell PowerScale OneFS OneFS Dell / PowerScale OneFS	`cpe:/a:dell:powerscale_onefs:onefs`	OneFS
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Dell Avamar Dell	`cpe:/a:dell:avamar:-`	—
Dell PowerEdge Dell	`cpe:/h:dell:poweredge:-`	—
Intel Prozessor Intel / Prozessor	`cpe:/h:intel:intel_prozessor:-`	—
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—

References

38 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://cloud.google.com/support/bulletins#gcp-2025-025	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://www.dell.com/support/kbdoc/de-de/00027244…	external
https://www.dell.com/support/kbdoc/de-de/00032093…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://support.lenovo.com/us/en/product_security…	external
https://comsec.ethz.ch/research/microarch/branch-…	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.debian.org/debian-security-announce…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://support.hp.com/de-de/document/ish_1255962…	external
https://ubuntu.com/security/notices/USN-7535-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS-2025-2872.html	external
https://support.hp.com/us-en/document/ish_1256852…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://support.lenovo.com/us/en/product_security…	external
https://www.dell.com/support/kbdoc/000355904	external
https://www.dell.com/support/kbdoc/de-de/00036254…	external
https://linux.oracle.com/errata/ELSA-2025-10991.html	external
https://alas.aws.amazon.com/AL2/ALAS2-2025-2994.html	external
https://www.dell.com/support/kbdoc/de-de/00036369…	external
https://www.dell.com/support/kbdoc/de-de/00046140…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um seine Privilegien zu erh\u00f6hen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1030 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1030.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1030 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1030"
      },
      {
        "category": "external",
        "summary": "Intel Core Ultra Processors CNVi Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01180.html"
      },
      {
        "category": "external",
        "summary": "2025.2 IPU, Intel Processor Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html"
      },
      {
        "category": "external",
        "summary": "2025.2 IPU - Intel Processor Indirect Branch Predictor Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"
      },
      {
        "category": "external",
        "summary": "Intel Xeon 6 processor with E-cores SGX and TDX Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01268.html"
      },
      {
        "category": "external",
        "summary": "Intel Xeon 6 processor E-Cores with Alias Checking Trusted Module Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01273.html"
      },
      {
        "category": "external",
        "summary": "Intel Xeon 6 processor with E-cores Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01278.html"
      },
      {
        "category": "external",
        "summary": "Intel Slim Bootloader Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01290.html"
      },
      {
        "category": "external",
        "summary": "Google Cloud Platform Security Bulletin GCP-2025-025 vom 2025-05-14",
        "url": "https://cloud.google.com/support/bulletins#gcp-2025-025"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04858 rev.1 vom 2025-05-13",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04858en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-048 vom 2025-05-13",
        "url": "https://www.dell.com/support/kbdoc/de-de/000272449/dsa-2025-048"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-156 vom 2025-05-13",
        "url": "https://www.dell.com/support/kbdoc/de-de/000320934/dsa-2025-156-security-update-for-dell-poweredge-server-for-intel-2025-security-advisories-2025-2-ipu"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04860 rev.1 vom 2025-05-13",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04860en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-195071 vom 2025-05-14",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-195071"
      },
      {
        "category": "external",
        "summary": "PoC f\u00fcr CVE-2024-45332 vom 2025-05-14",
        "url": "https://comsec.ethz.ch/research/microarch/branch-privilege-injection/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4170 vom 2025-05-18",
        "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:1567-1 vom 2025-05-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020842.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15093-1 vom 2025-05-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IDMNMRHOEJBKOC4ZPMYVNMKT2SGRVB7Q/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:01650-1 vom 2025-05-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020877.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:01651-1 vom 2025-05-22",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6G75W2R3WRICVZLBNWSHQ44DL3TMTL6V/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5924 vom 2025-05-23",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00087.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-ABF317121E vom 2025-05-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-abf317121e"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-E5D3928F2C vom 2025-05-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-e5d3928f2c"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04024 vom 2025-04-11",
        "url": "https://support.hp.com/de-de/document/ish_12559622-12559652-16/HPSBHF04024"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7535-1 vom 2025-05-27",
        "url": "https://ubuntu.com/security/notices/USN-7535-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:01651-2 vom 2025-05-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020928.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2025-2872 vom 2025-05-29",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2872.html"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04026 vom 2025-04-11",
        "url": "https://support.hp.com/us-en/document/ish_12568527-12568549-16/HPSBHF04026"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20410-1 vom 2025-06-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021549.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20424-1 vom 2025-06-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021589.html"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-200962 vom 2025-07-09",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-200962"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-324 vom 2025-08-14",
        "url": "https://www.dell.com/support/kbdoc/000355904"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-339 vom 2025-09-01",
        "url": "https://www.dell.com/support/kbdoc/de-de/000362542/dsa-2025-339-security-update-for-dell-avamar-data-store-gen5a-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-10991 vom 2025-09-10",
        "url": "https://linux.oracle.com/errata/ELSA-2025-10991.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2994 vom 2025-09-16",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2994.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-166 vom 2025-10-14",
        "url": "https://www.dell.com/support/kbdoc/de-de/000363693/dsa-2025-166-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-127 vom 2026-05-06",
        "url": "https://www.dell.com/support/kbdoc/de-de/000461405/dsa-2026-127-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Prozessoren: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-05T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-06T09:11:48.074+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-1030",
      "initial_release_date": "2025-05-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-14T22:00:00.000+00:00",
          "number": "2",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2025-05-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-14567"
        },
        {
          "date": "2025-05-18T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian, SUSE und openSUSE aufgenommen"
        },
        {
          "date": "2025-05-22T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-05-25T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-05-26T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-05-27T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von HP und Ubuntu aufgenommen"
        },
        {
          "date": "2025-05-29T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE, Amazon und HP aufgenommen"
        },
        {
          "date": "2025-06-17T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-06-19T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-07-08T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von LENOVO aufgenommen"
        },
        {
          "date": "2025-07-31T22:00:00.000+00:00",
          "number": "13",
          "summary": "Referenz(en) aufgenommen:"
        },
        {
          "date": "2025-08-13T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-08-31T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-09-10T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-09-16T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-10-13T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2026-05-05T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "19"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Avamar",
            "product": {
              "name": "Dell Avamar",
              "product_id": "T039664",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:avamar:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T043182",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerEdge",
            "product": {
              "name": "Dell PowerEdge",
              "product_id": "T019535",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:poweredge:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "OneFS",
                "product": {
                  "name": "Dell PowerScale OneFS OneFS",
                  "product_id": "T034610",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.2.3",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c13.2.3",
                  "product_id": "T053573"
                }
              },
              {
                "category": "product_version",
                "name": "13.2.3",
                "product": {
                  "name": "Dell PowerScale OneFS 13.2.3",
                  "product_id": "T053573-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:13.2.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerScale OneFS"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Google Cloud Platform",
            "product": {
              "name": "Google Cloud Platform",
              "product_id": "393401",
              "product_identification_helper": {
                "cpe": "cpe:/a:google:cloud_platform:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HP Computer",
                "product": {
                  "name": "HP Computer",
                  "product_id": "T031288",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hp:computer:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "HP Computer",
                "product": {
                  "name": "HP Computer",
                  "product_id": "T032784",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:hp:computer:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Computer"
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T027705",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "HPE Synergy",
            "product": {
              "name": "HPE Synergy",
              "product_id": "T019820",
              "product_identification_helper": {
                "cpe": "cpe:/h:hpe:synergy:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "CNVi",
                "product": {
                  "name": "Intel Prozessor CNVi",
                  "product_id": "T043596",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:intel:intel_prozessor:cnvi"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Xeon 6 E-cores",
                "product": {
                  "name": "Intel Prozessor Xeon 6 E-cores",
                  "product_id": "T043597",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:intel:intel_prozessor:xeon_6_e-cores"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Slim Bootloader",
                "product": {
                  "name": "Intel Prozessor Slim Bootloader",
                  "product_id": "T043598",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:intel:intel_prozessor:slim_bootloader"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Intel Prozessor",
                "product": {
                  "name": "Intel Prozessor",
                  "product_id": "T043599",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:intel:intel_prozessor:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Prozessor"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T033443",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20047",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557",
          "T043596"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20047"
    },
    {
      "cve": "CVE-2024-48869",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T043597",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-48869"
    },
    {
      "cve": "CVE-2025-20004",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T043597",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20004"
    },
    {
      "cve": "CVE-2025-20100",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T043597",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20100"
    },
    {
      "cve": "CVE-2025-20083",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T043598",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20083"
    },
    {
      "cve": "CVE-2025-20054",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20054"
    },
    {
      "cve": "CVE-2025-20103",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20103"
    },
    {
      "cve": "CVE-2024-43420",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-43420"
    },
    {
      "cve": "CVE-2024-45332",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-45332"
    },
    {
      "cve": "CVE-2025-20623",
      "product_status": {
        "known_affected": [
          "T031288",
          "T053573",
          "T032784",
          "T034610",
          "393401",
          "T004914",
          "T033443",
          "74185",
          "T039664",
          "T019535",
          "T043599",
          "T019820",
          "2951",
          "T002207",
          "T027705",
          "T000126",
          "T027843",
          "T043182",
          "398363",
          "T026557"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20623"
    }
  ]
}

CVE-2024-43420 (GCVE-0-2024-43420)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:03 – Updated: 2025-11-03 19:30

Summary

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.

Severity

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Information Disclosure
CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution

Assigner

intel

References

2 references

URL	Tags
https://intel.com/content/www/us/en/security-cent…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel Atom(R) processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43420",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T13:59:10.424631Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T14:01:31.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:30:40.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel Atom(R) processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-1423",
              "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:03:09.384Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-43420",
    "datePublished": "2025-05-13T21:03:09.384Z",
    "dateReserved": "2024-09-19T03:00:23.071Z",
    "dateUpdated": "2025-11-03T19:30:40.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45332 (GCVE-0-2024-45332)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:03 – Updated: 2025-11-03 19:30

Summary

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Severity

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Information Disclosure
CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution

Assigner

intel

References

4 references

URL	Tags
https://intel.com/content/www/us/en/security-cent…
http://www.openwall.com/lists/oss-security/2025/05/13/7
https://comsec.ethz.ch/research/microarch/branch-…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:30:52.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/13/7"
          },
          {
            "url": "https://comsec.ethz.ch/research/microarch/branch-privilege-injection/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45332",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T13:56:46.683867Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T13:57:24.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-1423",
              "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:03:12.207Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-45332",
    "datePublished": "2025-05-13T21:03:12.207Z",
    "dateReserved": "2024-09-19T03:00:23.104Z",
    "dateUpdated": "2025-11-03T19:30:52.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48869 (GCVE-0-2024-48869)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:03 – Updated: 2026-02-26 18:28

Summary

Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access.

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Escalation of Privilege
CWE-1256 - Improper Restriction of Software Interfaces to Hardware Features

Assigner

intel

References

1 reference

URL	Tags
https://intel.com/content/www/us/en/security-cent…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX)	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T04:01:19.722556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:10.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-1256",
              "description": "Improper Restriction of Software Interfaces to Hardware Features",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:03:22.922Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01268.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01268.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-48869",
    "datePublished": "2025-05-13T21:03:22.922Z",
    "dateReserved": "2024-10-09T02:59:22.185Z",
    "dateUpdated": "2026-02-26T18:28:10.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20004 (GCVE-0-2025-20004)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:01 – Updated: 2026-02-26 18:28

Summary

Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Severity

7.2 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Escalation of Privilege
CWE-691 - Insufficient Control Flow Management

Assigner

intel

References

1 reference

URL	Tags
https://intel.com/content/www/us/en/security-cent…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Xeon(R) 6 processor E-Cores firmware	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T03:59:13.816026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:19.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Xeon(R) 6 processor E-Cores firmware",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-691",
              "description": "Insufficient Control Flow Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:01:27.754Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01273.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01273.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20004",
    "datePublished": "2025-05-13T21:01:27.754Z",
    "dateReserved": "2024-10-11T03:00:12.247Z",
    "dateUpdated": "2026-02-26T18:28:19.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20047 (GCVE-0-2025-20047)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:01 – Updated: 2025-05-14 14:05

Summary

Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Severity

5.7 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Escalation of Privilege
CWE-667 - Improper Locking

Assigner

intel

References

1 reference

URL	Tags
https://intel.com/content/www/us/en/security-cent…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Core™ Ultra Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20047",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T14:05:14.524968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T14:05:21.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Core\u2122 Ultra Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core\u2122 Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "PHYSICAL",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-667",
              "description": "Improper Locking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:01:54.168Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01180.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01180.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20047",
    "datePublished": "2025-05-13T21:01:54.168Z",
    "dateReserved": "2024-10-11T03:00:12.286Z",
    "dateUpdated": "2025-05-14T14:05:21.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20054 (GCVE-0-2025-20054)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:01 – Updated: 2025-11-03 19:35

Summary

Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Denial of Service
CWE-248 - Uncaught Exception

Assigner

intel

References

2 references

URL	Tags
https://intel.com/content/www/us/en/security-cent…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T15:48:16.180417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T15:49:18.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:21.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en"
            },
            {
              "cweId": "CWE-248",
              "description": "Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:01:56.981Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20054",
    "datePublished": "2025-05-13T21:01:56.981Z",
    "dateReserved": "2024-10-11T03:00:12.311Z",
    "dateUpdated": "2025-11-03T19:35:21.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20083 (GCVE-0-2025-20083)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:02 – Updated: 2026-02-26 18:28

Summary

Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Escalation of Privilege
CWE-287 - Improper Authentication

Assigner

intel

References

1 reference

URL	Tags
https://intel.com/content/www/us/en/security-cent…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Slim Bootloader	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20083",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T03:55:55.119423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:17.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Slim Bootloader",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:02:07.706Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01290.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01290.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20083",
    "datePublished": "2025-05-13T21:02:07.706Z",
    "dateReserved": "2024-11-06T04:00:14.573Z",
    "dateUpdated": "2026-02-26T18:28:17.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20100 (GCVE-0-2025-20100)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:02 – Updated: 2026-02-26 18:28

Summary

Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Escalation of Privilege
CWE-284 - Improper Access Control

Assigner

intel

References

1 reference

URL	Tags
https://intel.com/content/www/us/en/security-cent…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Xeon(R) 6 processor with E-cores	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20100",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T03:57:12.420070Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:17.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Xeon(R) 6 processor with E-cores",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:02:12.186Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01278.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01278.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20100",
    "datePublished": "2025-05-13T21:02:12.186Z",
    "dateReserved": "2024-10-11T03:00:12.273Z",
    "dateUpdated": "2026-02-26T18:28:17.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20103 (GCVE-0-2025-20103)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:02 – Updated: 2025-11-03 19:35

Summary

Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Denial of Service
CWE-410 - Insufficient Resource Pool

Assigner

intel

References

2 references

URL	Tags
https://intel.com/content/www/us/en/security-cent…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20103",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T13:49:36.586820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T13:49:44.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:23.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en"
            },
            {
              "cweId": "CWE-410",
              "description": "Insufficient Resource Pool",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:02:15.127Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20103",
    "datePublished": "2025-05-13T21:02:15.127Z",
    "dateReserved": "2024-10-11T03:00:12.239Z",
    "dateUpdated": "2025-11-03T19:35:23.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20623 (GCVE-0-2025-20623)

Vulnerability from cvelistv5 – Published: 2025-05-13 21:02 – Updated: 2025-11-03 19:35

Summary

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.

Severity

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Information Disclosure
CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution

Assigner

intel

References

2 references

URL	Tags
https://intel.com/content/www/us/en/security-cent…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Core™ processors (10th Generation)	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20623",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T15:10:08.956006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T15:10:55.376Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:24.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Core\u2122 processors (10th Generation)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core\u2122 processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-1423",
              "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T21:02:26.040Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20623",
    "datePublished": "2025-05-13T21:02:26.040Z",
    "dateReserved": "2025-01-06T23:39:39.905Z",
    "dateUpdated": "2025-11-03T19:35:24.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1030

CVE-2024-43420 (GCVE-0-2024-43420)

CVE-2024-45332 (GCVE-0-2024-45332)

CVE-2024-48869 (GCVE-0-2024-48869)

CVE-2025-20004 (GCVE-0-2025-20004)

CVE-2025-20047 (GCVE-0-2025-20047)

CVE-2025-20054 (GCVE-0-2025-20054)

CVE-2025-20083 (GCVE-0-2025-20083)

CVE-2025-20100 (GCVE-0-2025-20100)

CVE-2025-20103 (GCVE-0-2025-20103)

CVE-2025-20623 (GCVE-0-2025-20623)

Tags

Sightings

Nomenclature