CVE-2024-21808
Publication date 13 November 2024
Last updated 3 July 2025
Ubuntu priority
Description
Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| intel-mediasdk | 26.04 LTS resolute | Not in release |
| 25.10 questing | Not in release | |
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Ignored end of standard support, was needs-triage | |
| onevpl-intel-gpu | 26.04 LTS resolute |
Not affected
|
| 25.10 questing |
Not affected
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.2 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L |