- 231/2024
- High
Intel has released security updates to address several vulnerabilities across multiple Intel products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, conduct an information disclosure, perform denial of service attacks, obtain sensitive information, and gain access to the affected systems.
Samples of the addressed vulnerabilities:
1. Intel® Ethernet Complete Driver Pack Escalation of Privilege Vulnerability (CVE-2024-21810):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Intel® TDX Module Software Denial of Service Vulnerability (CVE-2024-21801):
- CVSS: 7.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Intel® Ethernet Complete Driver Pack.
- Intel® License Manager.
- Intel® CSME.
- Intel® Distribution for GDB Software.
- Intel® VROC.
- Intel® ISH Software.
- Intel® TDX Module Software.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.