The vulnerability of the Intel Virtualization Technology for Directed I/O (VT-d) implementation arises due to incomplete cleanup of temporary or auxiliary resources, allowing attackers to exploit their privileges.

🗓️ 06 Jul 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

VT-d vulnerability due to incomplete cleanup of temporary resources allows attackers to escalate privileges.

Reporter	Title	Published	Views	Family All 196
IBM Security Bulletins	Security Bulletin: Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities	3 Dec 202118:41	–	ibm
IBM Security Bulletins	Security Bulletin: Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilities	14 Oct 202120:23	–	ibm
ATTACKERKB	CVE-2020-24489	9 Jun 202120:15	–	attackerkb
Tenable Nessus	Alibaba Cloud Linux 3 : 0040: microcode_ctl (ALINUX3-SA-2021:0040)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0057: microcode_ctl (ALINUX3-SA-2021:0057)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : microcode_ctl (ALSA-2021:2308)	9 Feb 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : microcode_ctl (ALSA-2021:3027)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : microcode_ctl (CESA-2021:2308)	16 Jun 202100:00	–	nessus
Tenable Nessus	CentOS 8 : microcode_ctl (CESA-2021:3027)	9 Aug 202100:00	–	nessus
Tenable Nessus	CentOS 7 : microcode_ctl (CESA-2021:3028)	9 Aug 202100:00	–	nessus

Source	Link
access	www.access.redhat.com/security/cve/cve-2020-24489
intel	www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-24489
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
web	www.web.nvd.nist.gov/view/vuln/detail

03 Oct 2022 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 26.8

CVSS 38.8

EPSS0.00073

Intel virtualization directed input output temporary resources privilege escalation