Your submission was sent successfully! Close

CVE-2020-24489

Published: 8 June 2021

Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

From the Ubuntu security team

It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O (VT-d). This may allow a local user to perform a privilege escalation attack.

Notes

AuthorNote
sbeattie
INTEL-TA-00442
does not appear to be kernel/qemu aspect to this issue
Priority

High

CVSS 3 base score: 8.8

Status

Package Release Status
intel-microcode
Launchpad, Ubuntu, Debian
bionic
Released (3.20210608.0ubuntu0.18.04.1)
focal
Released (3.20210608.0ubuntu0.20.04.1)
groovy
Released (3.20210608.0ubuntu0.20.10.1)
hirsute
Released (3.20210608.0ubuntu0.21.04.1)
impish
Released (3.20210608.0ubuntu1)
jammy
Released (3.20210608.0ubuntu1)
precise Does not exist

trusty
Released (3.20210608.0ubuntu0.14.04.1+esm1)
upstream Needs triage

xenial
Released (3.20210608.0ubuntu0.16.04.1+esm1)