PT-2024-2538 · Intel+9 · Intel Processors+9

Published

2024-02-14

Updated

2025-03-26

CVE-2023-38575

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Intel(R) Processors (affected versions not specified)

Description The issue is related to non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors, which may allow an authorized user to potentially enable information disclosure via local access. This is a speculative execution flaw that affects multiple CPU generations. The vulnerability may be exploited to disclose protected information. It has been reported that this issue is being actively exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1303

Related Identifiers

ALSA-2024:9401

ALT-PU-2024-8656

ALT-PU-2024-8668

BDU:2024-02524

CVE-2023-38575

DLA-3808-1

INFSA-2024_9401

MGASA-2024-0103

OESA-2024-1295

OESA-2024-1732

OPENSUSE-SU-2024:13769-1

OPENSUSE-SU-2024_1139-1

RHSA-2024:9401

RHSA-2024_9401

RLSA-2024:9401

SUSE-SU-2024:0917-1

SUSE-SU-2024:1139-1

SUSE-SU-2025:1032-1

SUSE-SU-2025:20020-1

USN-6797-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Intel Processors

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-2538 · Intel+9 · Intel Processors+9

CVE-2023-38575

Weakness Enumeration

Related Identifiers

Affected Products

References · 136