Source: intel-microcode Version: 3.20260227.1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for intel-microcode. CVE-2025-35979[0]: | Exposure of sensitive information caused by shared | microarchitectural predictor state that influences transient | execution for some Intel(R) Processors within VMX non-root (guest) | operation may allow an information disclosure. Unprivileged software | adversary with an authenticated user combined with a high complexity | attack may enable data exposure. This result may potentially occur | via local access when attack requirements are present without | special internal knowledge and requires no user interaction. The | potential vulnerability may impact the confidentiality (high), | integrity (none) and availability (none) of the vulnerable system, | resulting in subsequent system confidentiality (high), integrity | (none) and availability (none) impacts. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-35979 https://www.cve.org/CVERecord?id=CVE-2025-35979 [1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html [2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260512 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
