Incorrect behavior order in Intel products - CVE-2024-24853

Vulnerability identifier: #VU96259

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-24853

CWE-ID: CWE-696

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Intel

Affected software:
2nd Generation Intel Xeon Scalable Processors
Intel Xeon W Processors
Intel Core X-series Processor
3rd Generation Intel Xeon Scalable Processors
Intel Xeon E Processors
6th Generation Intel Core Processors
Intel Xeon D Processors
10th Generation Intel Core Processors
11th Generation Intel Core Processors
Intel Xeon Processors
8th Generation Intel Core Processors
2nd generation Intel Core processors
3rd Generation Intel Core Processors
4th Generation Intel Core Processor Family
7th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processor 5000 Series
Intel Pentium Processors
Intel Celeron Processor G Series
Intel Xeon E-2300 processor family
Intel Xeon W-1300 Processor Family
Intel Processor Microcode Package for Linux
9th Generation Intel Core Processors

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an incorrect behavior order in SMI Transfer monitor (STM). A local user can escalate privileges on the system.

Install updates from vendor's website.

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html