CVE-2024-25939
Published: 14 August 2024
Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
From the Ubuntu Security Team
It was discovered that some 3rd Generation Intel Xeon Scalable Processors did not properly handle mirrored regions with different values. A privileged local user could use this to cause a denial of service (system crash).
Priority
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode
Launchpad, Ubuntu, Debian |
bionic |
Released
(3.20240813.0ubuntu0.18.04.1+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(3.20240813.0ubuntu0.20.04.2)
|
|
| jammy |
Released
(3.20240813.0ubuntu0.22.04.2)
|
|
| noble |
Released
(3.20240813.0ubuntu0.24.04.2)
|
|
| trusty |
Ignored
(trusty doesn't support early microcode loading at runtime)
|
|
| upstream |
Released
(3.20240813.2)
|
|
| xenial |
Released
(3.20240813.0ubuntu0.16.04.1+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
Patches:
upstream: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/cc27f99dbb6646c9fc298896bf95a82769c21838 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.0 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
References
- https://www.cve.org/CVERecord?id=CVE-2024-25939
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
- https://ubuntu.com/security/notices/USN-6967-1
- NVD
- Launchpad
- Debian