Denial of service in Intel DSA and Intel IAA
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-21823 |
| CWE-ID | CWE-502 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
4th Generation Intel Xeon Scalable Processors Hardware solutions / Firmware 4th Generation Intel Xeon Platinum processors Hardware solutions / Firmware 4th Generation Intel Xeon Silver Processors Hardware solutions / Firmware 4th Generation Intel Xeon Bronze Processors Hardware solutions / Firmware 4th Generation Intel Xeon Gold Processors Hardware solutions / Firmware Intel Xeon W Processors Hardware solutions / Firmware 5th Generation Intel Xeon Scalable processors Hardware solutions / Firmware Intel Driver and Support Assistant (DSA) Hardware solutions / Firmware MPI Library Universal components / Libraries / Libraries used by multiple products DSA Transparent Offload Library (DTO) Universal components / Libraries / Software for developers OFI Libfabric Shared Memory Provider Universal components / Libraries / Software for developers Data Mover Library (DML) Universal components / Libraries / Software for developers Query Processing Library (QPL) Universal components / Libraries / Software for developers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Deserialization of Untrusted Data
EUVDB-ID: #VU89676
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21823
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions4th Generation Intel Xeon Scalable Processors: All versions
4th Generation Intel Xeon Platinum processors: All versions
4th Generation Intel Xeon Silver Processors: All versions
4th Generation Intel Xeon Bronze Processors: All versions
4th Generation Intel Xeon Gold Processors: All versions
Intel Xeon W Processors: All versions
5th Generation Intel Xeon Scalable processors: All versions
MPI Library: before 2024.0
Intel Driver and Support Assistant (DSA): before 24.9
DSA Transparent Offload Library (DTO): before 1.1
OFI Libfabric Shared Memory Provider: before 1.21.1
Data Mover Library (DML): before 1.2.0
Query Processing Library (QPL): before 1.6.0
CPE2.3- cpe:2.3:h:intel:4th_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_xeon_platinum_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_xeon_silver_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_xeon_bronze_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_xeon_gold_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_w_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_dsa:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:dsa_transparent_offload_library_dto:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:ofi_libfabric_shared_memory_provider:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_mover_library_dml:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:query_processing_library_qpl:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
