#VU104108 Improper access control in Intel products - CVE-2024-36293
Published: February 20, 2025
Vulnerability identifier: #VU104108
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36293
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Software Guard Extensions (SGX)
3rd Generation Intel Xeon Scalable Processors
11th Generation Intel Core Processors
Intel Xeon E-2300 processor family
Intel Xeon D Processors
8th Generation Intel Core Processors
Intel Xeon E Processors
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors
9th Generation Intel Core Processors
Software Guard Extensions (SGX)
3rd Generation Intel Xeon Scalable Processors
11th Generation Intel Core Processors
Intel Xeon E-2300 processor family
Intel Xeon D Processors
8th Generation Intel Core Processors
Intel Xeon E Processors
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors
9th Generation Intel Core Processors
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the EDECCSSA user leaf function. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.