#1137032 intel-microcode: CVE-2025-35979 / INTEL-SA-01420

Package:
src:intel-microcode
Source:
src:intel-microcode
Submitter:
Salvatore Bonaccorso
Date:
2026-05-18 20:15:02 UTC
Severity:
normal
Tags:
#1137032#5
Date:
2026-05-18 20:13:13 UTC
From:
To:
Hi,

The following vulnerability was published for intel-microcode.

CVE-2025-35979[0]:
| Exposure of sensitive information caused by shared
| microarchitectural predictor state that influences transient
| execution for some Intel(R) Processors within VMX non-root (guest)
| operation may allow an information disclosure. Unprivileged software
| adversary with an authenticated user combined with a high complexity
| attack may enable data exposure. This result may potentially occur
| via local access when attack requirements are present without
| special internal knowledge and requires no user interaction. The
| potential vulnerability may impact the confidentiality (high),
| integrity (none) and availability (none) of the vulnerable system,
| resulting in subsequent system confidentiality (high), integrity
| (none) and availability (none) impacts.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-35979
https://www.cve.org/CVERecord?id=CVE-2025-35979
[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260512

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore