#VU96259 Incorrect behavior order in Intel products - CVE-2024-24853

Vulnerability identifier: #VU96259

Vulnerability risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-24853

CWE-ID: CWE-696

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
Intel Xeon W Processors
Hardware solutions / Firmware
Intel Core X-series Processor
Hardware solutions / Firmware
3rd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
Intel Xeon E Processors
Hardware solutions / Firmware
6th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Xeon D Processors
Hardware solutions / Firmware
10th Generation Intel Core Processors
Hardware solutions / Firmware
11th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Xeon Processors
Hardware solutions / Firmware
8th Generation Intel Core Processors
Hardware solutions / Firmware
2nd generation Intel Core processors
Hardware solutions / Firmware
3rd Generation Intel Core Processors
Hardware solutions / Firmware
4th Generation Intel Core Processor Family
Hardware solutions / Firmware
7th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Pentium Gold Processor Series
Hardware solutions / Firmware
Intel Celeron Processor 5000 Series
Hardware solutions / Firmware
Intel Pentium Processors
Hardware solutions / Firmware
Intel Celeron Processor G Series
Hardware solutions / Firmware
Intel Xeon E-2300 processor family
Hardware solutions / Firmware
Intel Xeon W-1300 Processor Family
Hardware solutions / Firmware
Intel Processor Microcode Package for Linux
Hardware solutions / Firmware
9th Generation Intel Core Processors
Client/Desktop applications / Web browsers

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an incorrect behavior order in SMI Transfer monitor (STM). A local user can escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon W Processors: All versions

Intel Core X-series Processor: All versions

3rd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon E Processors: All versions

6th Generation Intel Core Processors: All versions

Intel Xeon D Processors: All versions

10th Generation Intel Core Processors: All versions

11th Generation Intel Core Processors: All versions

Intel Xeon Processors: All versions

8th Generation Intel Core Processors: All versions

2nd generation Intel Core processors: All versions

3rd Generation Intel Core Processors: All versions

4th Generation Intel Core Processor Family: All versions

7th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

Intel Pentium Gold Processor Series: All versions

Intel Celeron Processor 5000 Series: All versions

Intel Pentium Processors: All versions

Intel Celeron Processor G Series: All versions

Intel Xeon E-2300 processor family: All versions

Intel Xeon W-1300 Processor Family: All versions

Intel Processor Microcode Package for Linux: 20190312 - 20240531

---

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.