#VU109169 Missing initialization of resource in Intel products - CVE-2025-24495
Vulnerability identifier: #VU109169
Vulnerability risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-909
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Intel Core Ultra 5
Hardware solutions /
Firmware
Intel Core Ultra 7
Hardware solutions /
Firmware
Intel Core Ultra 9
Hardware solutions /
Firmware
Vendor: Intel
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to incorrect initialization of resource in the branch prediction unit. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Intel Core Ultra 5: All versions
Intel Core Ultra 7: All versions
Intel Core Ultra 9: All versions
External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
