CVE-2024-28956

NameCVE-2024-28956
Descriptionx86: Indirect Target Selection
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1105172, 1105193

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
intel-microcode (PTS)bullseye/non-free3.20240813.1~deb11u1vulnerable
bullseye/non-free (security)3.20250211.1~deb11u1vulnerable
bookworm/non-free-firmware3.20250211.1~deb12u1vulnerable
bookworm/non-free-firmware (security)3.20231114.1~deb12u1vulnerable
sid/non-free-firmware, trixie/non-free-firmware3.20250211.1vulnerable
linux (PTS)bullseye5.10.223-1vulnerable
bullseye (security)5.10.234-1vulnerable
bookworm6.1.129-1vulnerable
bookworm (security)6.1.135-1vulnerable
sid, trixie6.12.27-1vulnerable
xen (PTS)bullseye4.14.6-1vulnerable
bullseye (security)4.14.5+94-ge49571868d-1vulnerable
bookworm4.17.5+23-ga4e5191dc0-1+deb12u1vulnerable
bookworm (security)4.17.5+23-ga4e5191dc0-1vulnerable
trixie4.20.0-1vulnerable
sid4.20.0+68-g35cb38b222-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
intel-microcodesource(unstable)(unfixed)1105172
linuxsource(unstable)(unfixed)
xensourcebullseye(unfixed)end-of-life
xensource(unstable)(unfixed)1105193

Notes

[bullseye] - xen <end-of-life> (EOLed in Bullseye)
https://xenbits.xen.org/xsa/advisory-469.html
https://www.vusec.net/projects/training-solo/
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/indirect-target-selection.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
Search for package or bug name: Reporting problems