Risk | Low |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2023-42667 CVE-2023-49141 CVE-2024-24853 CVE-2024-24980 CVE-2024-25939 |
CWE-ID | CWE-653 CWE-696 CWE-693 CWE-399 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system intel-microcode (Ubuntu package) Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU96257
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42667
CWE-ID:
CWE-653 - Improper isolation or compartmentalization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper isolation in the Intel Core Ultra Processor stream cache mechanism. A local user can execute arbitrary code with elevated privileges.
Update the affected package intel-microcode to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 24.04
intel-microcode (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6967-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96240
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-49141
CWE-ID:
CWE-653 - Improper isolation or compartmentalization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an improper isolation in some Intel Processors stream cache mechanism. A local user can execute arbitrary code with elevated privileges.
Update the affected package intel-microcode to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 24.04
intel-microcode (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6967-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96259
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24853
CWE-ID:
CWE-696 - Incorrect Behavior Order
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an incorrect behavior order in SMI Transfer monitor (STM). A local user can escalate privileges on the system.
Update the affected package intel-microcode to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 24.04
intel-microcode (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6967-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96214
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24980
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient implementation of security measures. A local privileged user can escalate privileges on the system.
Update the affected package intel-microcode to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 24.04
intel-microcode (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6967-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96213
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25939
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. Mirrored regions with different values in 3rd Generation Intel Xeon
Scalable Processors may allow a local privileged user to crash the system.
Update the affected package intel-microcode to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 24.04
intel-microcode (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6967-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.