#VU109425 Information disclosure in Intel products - CVE-2024-45332

Vulnerability identifier: #VU109425

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-45332

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
2nd Generation Intel Xeon Scalable Processors
Intel Xeon E Processors
10th Generation Intel Core Processors
3rd Generation Intel Xeon Scalable Processors
Intel Core Ultra family
13th Generation Intel Core Processors
14th Generation Intel Core Processors
Intel Pentium Processor G7400/G7400T
11th Generation Intel Core Processors
Intel Core i7-11700
Intel Core i7-11700T
Intel Core i5-11400T
Intel Core i5-11400
Intel Core i5-11500T
Intel Core i5-11500
3rd Intel Xeon E processor family
4th Generation Intel Xeon Scalable Processors
5th Generation Intel Xeon Scalable processors
8th Generation Intel Core Processors
Intel Core Ultra 5
Intel Core Ultra 7
Intel Core Ultra 9
9th Generation Intel Core Processors
13th Generation Intel Core i7 processors
Intel Atom Processors P6000
Intel Xeon 6 processor family

Software vendor:
Intel

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.

Install updates from vendor's website.

• http://www.openwall.com/lists/oss-security/2025/05/13/7
• https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
• https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html