Critical Vulnerability Information Intel ID: INTEL-SA-01153 Category: Hardware Vulnerability Impact: Information Disclosure Severity Rating: Medium Original Release Date: May 12, 2025 Last Revised Date: May 12, 2025 Vulnerability Summary Certain Intel processors may contain a security vulnerability that could allow information disclosure. Intel is releasing microcode updates and remediation guidance to mitigate this potential vulnerability. Vulnerability Details CVE ID: CVE-2024-28956 Description: During transient execution, certain Intel processors may allow sensitive information to be exposed in shared microarchitectural structures via local access. CVSS Base Score 3.1: 5.6 (Medium) CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Base Score 4.0: 5.7 (Medium) CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VCH:VIN/VAN:VAN/SCN:SIN/SAN Affected Products Multiple Intel processor families, including but not limited to: - 10th Generation Intel Core Processor Family - 11th Generation Intel Core Processor Family - Intel Xeon Processor Family - 2nd Generation Intel Xeon Scalable Processor Family - 3rd Generation Intel Xeon Scalable Processor Family - 8th Generation Intel Core Processors - 9th Generation Intel Core Processor Family - 11th Generation Intel Core Processor Family Recommended Actions Intel recommends that users of affected Intel processors upgrade to the latest version provided by their system manufacturer to address this issue. Microcode patches can be loaded via the public GitHub repository or through the specified firmware interface table (FIT) in platform flash. Related Links Target Selection Software Guide Loading Microcode from Operating System Public GitHub Acknowledgments Thanks to Sander Wiering and Cristiano Giuffrida, as well as Intel employees Ke Sun, Alyssa Milburn, Thais Hamaiski, Joseph Nuzman, and Pawan Kumar Gupta for reporting this issue.