CVE-2024-43420

NameCVE-2024-43420
DescriptionExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1105172

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
intel-microcode (PTS)bullseye/non-free3.20240813.1~deb11u1vulnerable
bullseye/non-free (security)3.20250211.1~deb11u1vulnerable
bookworm/non-free-firmware3.20250211.1~deb12u1vulnerable
bookworm/non-free-firmware (security)3.20231114.1~deb12u1vulnerable
trixie/non-free-firmware, sid/non-free-firmware3.20250211.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
intel-microcodesource(unstable)(unfixed)1105172

Notes

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
Search for package or bug name: Reporting problems