CVE-2024-28956

EPSS 0.25%

xen - security update

Published: 5/13/2025Modified: 12/3/2025

Also known as:ALPINE-CVE-2024-28956

Description

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Affected packages (9)

Alpine/intel-ucodefrom 0, < 20250512-r0
Alpine/xenfrom 0, < 4.17.5-r4
Debian/intel-microcodefrom 0, < 3.20250512.1~deb11u1
Debian/intel-microcodefrom 0, < 3.20250512.1~deb11u1
Debian/intel-microcodefrom 0, < 3.20250512.1~deb12u1
Debian/linuxfrom 0, < 5.10.244-1
Debian/linux-6.1from 0, < 6.1.140-1~deb11u1
Debian/xenfrom 0
Debian/xenfrom 0, < 4.17.5+72-g01140da4e8-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2024-28956
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-28956