{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-12T16:35:09Z",
  "bugzilla" : {
    "description" : "kernel: Kernel: Information disclosure via shared microarchitectural predictor state in Intel(R) Processors",
    "id" : "2476541",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2476541"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-1037",
  "details" : [ "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.", "A flaw was found in the kernel. This vulnerability, affecting some Intel(R) Processors, involves shared microarchitectural predictor state that influences transient execution within VMX non-root (guest) operation. An unprivileged software adversary with an authenticated user can exploit this locally to disclose sensitive information. This high-complexity attack requires no user interaction and can lead to significant data exposure." ],
  "statement" : "This Moderate impact information disclosure flaw affects Intel processors in virtualized environments utilizing VMX non-root (guest) operation. An authenticated, unprivileged local attacker could exploit shared microarchitectural predictor states to transiently execute code and potentially expose sensitive data. The high complexity of the attack reduces its immediate threat.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-35979\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-35979\nhttps://intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html" ],
  "name" : "CVE-2025-35979",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}