CVE-2024-23918 — DEPRECATED: Improper Sanitization of Custom Special Characters in Intel-microcode

CWE-92 — DEPRECATED: Improper Sanitization of Custom Special Characters6 documents5 sources

Severity

8.8HIGHNVD

OSV8.5

EPSS

0.1%

top 78.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Intel-microcode

Timeline

PublishedNov 13

Latest updateDec 11

Description

Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages1 packages

▶debiandebian/intel-microcode< intel-microcode 3.20241112.1~deb12u1 (bookworm)

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2024-12-11

▶

OSV

CVE-2024-23918: Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to p↗2024-11-13

▶

GHSA

GHSA-39h6-pqr3-34cv: Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to p↗2024-11-13

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2024-12-11

▶

Debian

CVE-2024-23918: intel-microcode - Improper conditions check in some Intel(R) Xeon(R) processor memory controller c...↗2024

▶