Analysis Summary

CVE-2024-21850 CVSS:6

Intel TDX Seamldr Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by sensitive information in resource not removed before reuse. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-36245 CVSS:6.7

Intel VTune Profiler software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.

CVE-2024-21853 CVSS:4.7

Intel Xeon Processor is vulnerable to a denial of service, caused by improper Finite State Machines (FSMs) in the Hardware logic. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-29085 CVSS:5.5

Intel BigDL could allow a remote authenticated attacker from within the local network to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

• Privilege Escalation
• Denial of Service

Indicators of Compromise

CVE

• CVE-2024-21850
• CVE-2024-36245
• CVE-2024-21853
• CVE-2024-29085

Affected Vendors

Affected Products

• Intel 4th Generation Intel Xeon Scalable Processors
• Intel 4th Generation Intel Xeon Platinum Processors
• Intel 4th Generation Intel Xeon Gold Processors
• Intel VTune Profiler
• Intel TDX Seamldr module software
• Intel 4th Generation Intel Xeon Silver Processor
• Intel BigDL

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-21850

CVE-2024-36245

CVE-2024-21853

CVE-2024-29085