Indirect branch predictor vulnerability in Intel processors
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-43420 CVE-2025-20623 CVE-2024-45332 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel Pentium Processor Silver Series Hardware solutions / Firmware Intel Celeron Processor J Series Hardware solutions / Firmware Intel Celeron Processor N Series Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware 12th Generation Intel Core Processors Hardware solutions / Firmware Intel Pentium Gold Processor Series Hardware solutions / Firmware Intel Celeron Processors Hardware solutions / Firmware 2nd Generation Intel Xeon Scalable Processors Hardware solutions / Firmware Intel Xeon E Processors Hardware solutions / Firmware 3rd Generation Intel Xeon Scalable Processors Hardware solutions / Firmware Intel Core Ultra family Hardware solutions / Firmware 13th Generation Intel Core Processors Hardware solutions / Firmware 14th Generation Intel Core Processors Hardware solutions / Firmware Intel Pentium Processor G7400/G7400T Hardware solutions / Firmware 11th Generation Intel Core Processors Hardware solutions / Firmware Intel Core i7-11700 Hardware solutions / Firmware Intel Core i7-11700T Hardware solutions / Firmware Intel Core i5-11400T Hardware solutions / Firmware Intel Core i5-11400 Hardware solutions / Firmware Intel Core i5-11500T Hardware solutions / Firmware Intel Core i5-11500 Hardware solutions / Firmware 3rd Intel Xeon E processor family Hardware solutions / Firmware 4th Generation Intel Xeon Scalable Processors Hardware solutions / Firmware 5th Generation Intel Xeon Scalable processors Hardware solutions / Firmware 8th Generation Intel Core Processors Hardware solutions / Firmware Intel Core Ultra 5 Hardware solutions / Firmware Intel Core Ultra 7 Hardware solutions / Firmware Intel Core Ultra 9 Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers 13th Generation Intel Core i7 processors Hardware solutions / Other hardware appliances Intel Atom Processors P6000 Hardware solutions / Other hardware appliances Intel Xeon 6 processor family Hardware solutions / Other hardware appliances |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU109423
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43420
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsIntel Pentium Processor Silver Series: All versions
Intel Celeron Processor J Series: All versions
Intel Celeron Processor N Series: All versions
CPE2.3- cpe:2.3:h:intel:intel_pentium_processor_silver_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processor_j_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processor_n_series:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU109424
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20623
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versions10th Generation Intel Core Processors: All versions
CPE2.3 External linkshttps://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU109425
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45332
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versions12th Generation Intel Core Processors: All versions
Intel Pentium Gold Processor Series: All versions
Intel Celeron Processors: All versions
2nd Generation Intel Xeon Scalable Processors: All versions
9th Generation Intel Core Processors: All versions
Intel Xeon E Processors: All versions
10th Generation Intel Core Processors: All versions
3rd Generation Intel Xeon Scalable Processors: All versions
Intel Core Ultra family: All versions
13th Generation Intel Core Processors: All versions
14th Generation Intel Core Processors: All versions
13th Generation Intel Core i7 processors: All versions
Intel Pentium Processor G7400/G7400T: All versions
11th Generation Intel Core Processors: All versions
Intel Core i7-11700: All versions
Intel Core i7-11700T: All versions
Intel Core i5-11400T: All versions
Intel Core i5-11400: All versions
Intel Core i5-11500T: All versions
Intel Core i5-11500: All versions
3rd Intel Xeon E processor family: All versions
4th Generation Intel Xeon Scalable Processors: All versions
5th Generation Intel Xeon Scalable processors: All versions
8th Generation Intel Core Processors: All versions
Intel Core Ultra 5: All versions
Intel Core Ultra 7: All versions
Intel Core Ultra 9: All versions
Intel Atom Processors P6000: All versions
Intel Xeon 6 processor family: All versions
CPE2.3- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_gold_processor_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:2nd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_e_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_ultra_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:14th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_i7_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_g7400_g7400t:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7-11700:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7-11700t:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5-11400t:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5-11400:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5-11500t:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5-11500:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_intel_xeon_e_processor_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_ultra_5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_ultra_7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_ultra_9:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_atom_processors_p6000:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_6_processor_family:*:*:*:*:*:*:*:*
https://www.openwall.com/lists/oss-security/2025/05/13/7
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
