Bug 2366125 (CVE-2024-28956)

Summary: CVE-2024-28956 microcode_ctl: From CVEorg collector
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: baumanmo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
New Spectre-v2 attack classes have been discovered within CPU architectures that enable self-training exploitation of speculative execution within the same privilege domain. These novel techniques bypass existing hardware and software mitigations, including IBPB, eIBRS, and BHI_NO, by leveraging in-kernel gadgets (potentially accessible via SECCOMP/cBPF), Branch Target Buffer (BTB) aliasing, and direct-to-indirect branch predictor training. While the root cause lies in CPU architectural behavior, the vulnerability manifests through kernel-level speculation paths, allowing attackers to potentially leak sensitive memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-05-13 22:03:54 UTC 
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Comment 1 errata-xmlrpc 2025-07-01 14:42:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:10103 https://access.redhat.com/errata/RHSA-2025:10103
Comment 2 errata-xmlrpc 2025-07-01 14:52:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:10102 https://access.redhat.com/errata/RHSA-2025:10102
Comment 3 errata-xmlrpc 2025-07-01 15:20:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:10101 https://access.redhat.com/errata/RHSA-2025:10101
Comment 4 errata-xmlrpc 2025-07-01 15:31:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2025:10107 https://access.redhat.com/errata/RHSA-2025:10107
Comment 5 errata-xmlrpc 2025-07-01 15:35:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:10108 https://access.redhat.com/errata/RHSA-2025:10108
Comment 6 errata-xmlrpc 2025-07-01 15:45:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2025:10111 https://access.redhat.com/errata/RHSA-2025:10111
Comment 7 errata-xmlrpc 2025-07-01 15:48:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:10109 https://access.redhat.com/errata/RHSA-2025:10109
Comment 8 errata-xmlrpc 2025-07-01 16:53:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:10126 https://access.redhat.com/errata/RHSA-2025:10126
Comment 9 errata-xmlrpc 2025-07-01 19:44:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:10162 https://access.redhat.com/errata/RHSA-2025:10162
Comment 10 errata-xmlrpc 2025-07-14 18:02:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:10991 https://access.redhat.com/errata/RHSA-2025:10991
Comment 11 errata-xmlrpc 2025-08-18 04:07:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:13962 https://access.redhat.com/errata/RHSA-2025:13962
Comment 15 errata-xmlrpc 2025-11-10 03:49:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:19962 https://access.redhat.com/errata/RHSA-2025:19962
Comment 16 errata-xmlrpc 2025-11-11 08:04:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:20095 https://access.redhat.com/errata/RHSA-2025:20095