Lucene search

IntelCVE-2024-39283

HistoryAug 14, 2024 - 2:15 p.m.

CVE-2024-39283

2024-08-1414:15:27

CWE-791

intel

web.nvd.nist.gov

intel tdx privilege escalation filtering

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N

AI Score

7.2

Confidence

High

EPSS

Percentile

9.5%

JSON

Incomplete filtering of special elements in Intel® TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd

Vulnrichment

Node

inteltdx_module_softwareRange<1.5.01.00.592

VendorProductVersionCPE
inteltdx_module_software*cpe:2.3:a:intel:tdx_module_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	tdx_module_software	*	cpe:2.3:a:intel:tdx_module_software::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) TDX module software",
    "versions": [
      {
        "version": "before version TDX_1.5.01.00.592",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01010.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N

AI Score

7.2

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-39283