Privilege Escalation Vulnerability in Intel DSA and IAA Products
CVE-2024-21823

7.5HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Dsa And Intel(r) Iaa For Some Intel(r) 4th Or 5th Generation Xeon(r) Processors
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-21823?

A vulnerability exists within the hardware logic of Intel DSA and Intel IAA associated with the 4th and 5th generation Xeon processors that can enable an authorized user to engage in privilege escalation. This issue stems from insecure de-synchronization, which may inadvertently facilitate unauthorized access to sensitive system functions. It underscores the importance of applying necessary mitigations to safeguard systems leveraging these Intel technologies.

Affected Version(s)

Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors See references

References

https://www.intel.com/content/www/us/en/security-center/a...

https://lists.fedoraproject.org/archives/list/package-ann...

http://www.openwall.com/lists/oss-security/2024/05/15/1

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Jan 24, 2024