#VU104007 Sequence of processor instructions leads to unexpected behavior in Intel products - CVE-2024-37020


Vulnerability identifier: #VU104007

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37020

CWE-ID: CWE-1281

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Driver and Support Assistant (DSA)
Hardware solutions / Firmware
4th Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
4th Generation Intel Xeon Platinum processors
Hardware solutions / Firmware
4th Generation Intel Xeon Gold Processors
Hardware solutions / Firmware
4th Generation Intel Xeon Silver Processors
Hardware solutions / Firmware
4th Generation Intel Xeon Bronze Processors
Hardware solutions / Firmware
4th Generation Intel Xeon Scalable Processors with Intel vRAN
Hardware solutions / Firmware
Intel Xeon W workstation processors
Hardware solutions / Firmware
5th Generation Intel Xeon Scalable processors
Hardware solutions / Firmware
Intel Atom P6900 Processor
Hardware solutions / Firmware
Intel Xeon 6 processor with E-cores
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error related to processing of Sequence of processor instructions. A local user can cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Driver and Support Assistant (DSA): All versions

4th Generation Intel Xeon Scalable Processors: All versions

4th Generation Intel Xeon Platinum processors: All versions

4th Generation Intel Xeon Gold Processors: All versions

4th Generation Intel Xeon Silver Processors: All versions

4th Generation Intel Xeon Bronze Processors: All versions

4th Generation Intel Xeon Scalable Processors with Intel vRAN: All versions

Intel Xeon W workstation processors: All versions

5th Generation Intel Xeon Scalable processors: All versions

Intel Atom P6900 Processor: All versions

Intel Xeon 6 processor with E-cores: All versions

External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for ucode-intel
SUSE update for ucode-intel
openEuler update for microcode_ctl
Fedora 41 update for microcode_ctl
Fedora 40 update for microcode_ctl
Denial of service in Intel Data Streaming Accelerator