{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2024/cve-2024-43420-els_os-rhel7els.json" } ], "tracking": { "current_release_date": "2026-06-13T03:00:53Z", "generator": { "date": "2026-06-13T03:00:53Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2024-43420-ELS_OS-RHEL7ELS", "initial_release_date": "2024-01-01T00:00:00Z", "revision_history": [ { "date": "2024-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-06-13T03:00:53Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2024-43420" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "microcode_ctl-2:2.1-73.25.el7_9.x86_64", "product": { "name": "microcode_ctl-2:2.1-73.25.el7_9.x86_64", "product_id": "microcode_ctl-2:2.1-73.25.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.25.el7_9?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "microcode_ctl-2:2.1-73.26.el7_9.x86_64", "product": { "name": "microcode_ctl-2:2.1-73.26.el7_9.x86_64", "product_id": "microcode_ctl-2:2.1-73.26.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.26.el7_9?arch=x86_64&epoch=2" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64", "product": { "name": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64", "product_id": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/microcode_ctl@2.1-73.25.el7_9.tuxcare.els1?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64", "product": { "name": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64", "product_id": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/microcode_ctl@2.1-73.26.el7_9.tuxcare.els1?arch=x86_64&epoch=2" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64" }, "product_reference": "microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "microcode_ctl-2:2.1-73.25.el7_9.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64" }, "product_reference": "microcode_ctl-2:2.1-73.25.el7_9.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64" }, "product_reference": "microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "microcode_ctl-2:2.1-73.26.el7_9.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64" }, "product_reference": "microcode_ctl-2:2.1-73.26.el7_9.x86_64", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-43420", "cwe": { "id": "CWE-1423", "name": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution" }, "notes": [ { "category": "description", "text": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-43420" } ], "release_date": "2025-05-13T21:03:00Z", "remediations": [ { "category": "no_fix_planned", "date": "2026-06-12T13:03:59.134949Z", "details": "CVE-2024-43420 is a local-only, high‑complexity transient‑execution side channel that requires an authenticated attacker to run code on the same host and manipulate indirect-branch predictor state, with confidentiality impact only and no integrity or availability effect. It targets specific Atom-based Pentium Silver/Celeron J/N SoCs (CPUID 706A8) rather than Xeon/Core server-class CPUs commonly used for enterprise servers and cloud VMs, so it is not applicable to most managed server estates. Additionally, these Atom parts lack simultaneous multithreading, further constraining leakage to time-sliced same‑core contexts, which makes practical exploitation in centrally managed environments unlikely; deprioritization is reasonable.", "product_ids": [ "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.tuxcare.els1.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.25.el7_9.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.tuxcare.els1.x86_64", "Red-Hat-7:microcode_ctl-2:2.1-73.26.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }