CVE-2024-28956

low-risk

Published 2025-05-13

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

LOCAL / HIGH complexity

References (6)

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html

http://www.openwall.com/lists/oss-security/2025/05/12/5

http://xenbits.xen.org/xsa/advisory-469.html

https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal