CVE-2024-24853 — Incorrect Behavior Order in Intel-microcode

CWE-696 — Incorrect Behavior Order6 documents5 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 96.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Intel-microcode

Timeline

PublishedAug 14

Latest updateAug 20

Description

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages1 packages

▶debiandebian/intel-microcode< intel-microcode 3.20240813.1~deb12u1 (bookworm)

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2024-08-20

▶

GHSA

GHSA-vp6v-8xw7-8j3v: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user↗2024-08-14

▶

OSV

CVE-2024-24853: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user↗2024-08-14

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2024-08-20

▶

Debian

CVE-2024-24853: intel-microcode - Incorrect behavior order in transition between executive monitor and SMI transfe...↗2024

▶