CVE-2024-24968 — Improper Finite State Machines (FSMs) in Hardware Logic in Intel-microcode

CWE-1245 — Improper Finite State Machines (FSMs) in Hardware Logic CWE-122 — Heap-based Buffer Overflow CWE-250 — Execution with Unnecessary Privileges CWE-273 — Improper Check for Dropped Privileges11 documents7 sources

Severity

5.6MEDIUMNVD

OSV8.5OSV6.8CISA9.8

EPSS

0.0%

top 87.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Intel-microcode

Timeline

PublishedSep 16

Latest updateDec 11

Description

Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

▶debiandebian/intel-microcode< intel-microcode 3.20240910.1~deb12u1 (bookworm)

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2024-12-11

▶

OSV

intel-microcode vulnerabilities↗2024-09-25

▶

OSV

CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of ser↗2024-09-16

▶

GHSA

GHSA-r3xc-mh5x-gjfq: Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of ser↗2024-09-16

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2024-12-11

▶

CISA

VMware vCenter Server Heap-Based Buffer Overflow Vulnerability↗2024-11-20

▶

CISA

VMware vCenter Server Privilege Escalation Vulnerability↗2024-11-20

▶

Ubuntu

Intel Microcode vulnerabilities↗2024-09-25

▶

Red Hat

microcode_ctl: Denial of Service↗2024-09-16

▶