Possible Escalation of Privilege via Local Access in Intel TDX Module Software
CVE-2024-39283

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Tdx Module Software
Vendor: CVE Published:; 14 August 2024

What is CVE-2024-39283?

The Intel TDX module software, prior to version TDX_1.5.01.00.592, exhibits an incomplete filtering issue regarding special elements. This vulnerability may permit an authenticated user to potentially achieve privilege escalation through local access, thereby compromising system security. It is critical for users of affected versions to address this issue to mitigate potential risks associated with unauthorized access and control.

Affected Version(s)

Intel(R) TDX module software before version TDX_1.5.01.00.592

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Jun 25, 2024