Intel CPUs: Information Disclosure in Intel Processors via transient microarchitectural exposure (CVE-2024-28956) (CVE-2024-28956) #shorts

Summary

Today’s episode covers CVE-2024-28956, an information disclosure vulnerability in multiple Intel processors. Published on May 13, 2025, this flaw allows an authenticated local user to exploit shared microarchitectural structures during transient execution to leak sensitive data. While no public exploit exists, Intel and SUSE recommend applying microcode updates immediately.

Product details

CVE-2024-28956 affects a range of Intel processors; exact models are listed in Intel’s official references. The issue is addressed by updated CPU microcode provided by Intel and packaged in SUSE’s microcode_ctl utility. System administrators running SUSE Linux should install the latest ucode-intel package to mitigate the risk.

Vulnerability type summary

This is an information disclosure vulnerability arising from exposure of sensitive information in shared microarchitectural structures during transient execution. In plain terms, it’s a Spectre-class side-channel flaw where speculative or out-of-order CPU operations can leak data across trust boundaries.

Details of the vulnerability

An attacker with valid local credentials can trigger transient execution paths that leave remnant state in caches or other CPU buffers. By carefully measuring timing differences, the attacker can reconstruct sensitive information belonging to other processes or kernel memory. No remote attack vector exists; physical or remote console access with user privileges is required. Intel’s microcode update and SUSE’s microcode_ctl patch close the speculative execution window and prevent data leakage.

Conclusion

CVE-2024-28956 reinforces the need for timely microcode and OS patches to defend against speculative execution side-channel attacks. Although there’s no known exploit in the wild, administrators should apply Intel’s latest microcode and update SUSE’s ucode-intel package immediately. Stay vigilant and subscribe for updates on emerging processor vulnerabilities and mitigation best practices.

This chain involves the following actors

• Local Authenticated User: Potential attacker with legitimate login privileges
• System Administrator: Responsible for securing systems and deploying updates
• Intel Vendor Support: Provider of microcode patches and guidance

This following systems are involved

• Intel Processor (Executes instructions and performs speculative execution): Contains shared microarchitectural buffers and caches
• Operating System Kernel (Manages hardware resources and process isolation): Delivers microcode updates and enforces privilege boundaries
• Microcode Update Service (Installs updated processor microcode): Applies firmware-level fixes inside the processor

Attack entry point

• Local Login Session: Authenticated shell or user‐level session on the target machine
• Transient Execution Path: Speculative execution mechanism within the processor that can leave traces in internal buffers
• Shared Microarchitectural Structures: Caches and internal buffers that may reveal transient data through side channels

Remediation actions

Exploitation actions

• https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html
• [2025-05-17] SUSE releases microcode_ctl fixes for Intel CPUs addressing CVE-2024-28956 and CVE-2024-43420.
• [2025-05-22] SUSE reports a moderate vulnerability in ucode-intel with cross-references to CVE-2024-28956 and CVE-2024-43420.
• [2025-05-14] Intel Processor Information Disclosure vulnerability CVE-2024-28956 identified, no exploit available, upgrade recommended.