Analysis Summary

CVE-2024-25939 CVSS:6

Intel 3rd Generation Xeon Scalable Processor is vulnerable to a denial of service, caused by an issue with mirrored regions with different values. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-38655 CVSS:6.8

Intel Active Management Technology (AMT) and Standard Manageability are vulnerable to a denial of service, caused by improper buffer restrictions in the firmware. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-48361 CVSS:2.3

Intel Converged Security and Manageability Engine (CSME) could allow a local authenticated attacker to obtain sensitive information, caused by improper initialization in the firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

• Denial of Service
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2024-25939
• CVE-2023-38655
• CVE-2023-48361

Affected Vendors

Affected Products

• Intel Standard Manageability
• Intel 3rd Generation Xeon Scalable Processors
• Intel Active Management Technology (AMT)
• Intel Converged Security and Manageability Engine (CSME)

Remediation

Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-25939

CVE-2023-38655

CVE-2023-48361