Improper access control in Intel products - CVE-2024-36293
Published: February 20, 2025
Vulnerability identifier: #VU104108
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36293
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Software Guard Extensions (SGX)
3rd Generation Intel Xeon Scalable Processors
11th Generation Intel Core Processors
Intel Xeon E-2300 processor family
Intel Xeon D Processors
8th Generation Intel Core Processors
Intel Xeon E Processors
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors
9th Generation Intel Core Processors
Detailed vulnerability description
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the EDECCSSA user leaf function. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
How to mitigate CVE-2024-36293
Install updates from the vendor's website.