CVE-2024-43420: 
Rocky Linux vulnerability analysis and mitigation

A microarchitectural vulnerability (CVE-2024-43420) was discovered affecting certain Intel Atom® processors. The vulnerability was disclosed on May 13, 2025, and involves exposure of sensitive information through shared microarchitectural predictor state that influences transient execution. This security issue specifically affects authenticated users with local access to the system (NVD, Wiz).

The vulnerability has been assigned both CVSS v4.0 and v3.1 scores. Under CVSS v4.0, it received a base score of 5.7 (Medium) with vector string CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N. The CVSS v3.1 assessment resulted in a base score of 5.6 (Medium) with vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N. The technical assessment indicates that the vulnerability requires local access and authenticated user privileges to exploit (NVD).

The primary impact of this vulnerability is related to information disclosure. When successfully exploited, it can lead to exposure of sensitive information through shared microarchitectural predictor state. The vulnerability specifically affects confidentiality with high potential for information exposure, while integrity and availability remain unaffected (Wiz).

Intel is actively addressing this vulnerability by releasing microcode updates as the primary mitigation strategy. Multiple Ubuntu releases from 16.04 LTS to 25.04 have been identified as vulnerable and require updates to the intel-microcode package. Other affected systems including Debian 11, 12, and Red Hat versions 6, 7, 8, and 9 also require security updates (Wiz).