Intel Xeon SGX Local Priv Escalation via Memory Controller Check
CVE-2024-23918 Published on November 13, 2024

Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.

NVD

Vulnerability Analysis

CVE-2024-23918 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

DEPRECATED: Improper Sanitization of Custom Special Characters

This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.


Products Associated with CVE-2024-23918

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-23918 are published in these products:

Canonical Ubuntu Linux
 
3rd Generation Intel Xeon Scalable Processor Family
 
4th Generation Intel Xeon Processor Scalable Family
 
5th Generation Intel Xeon Processor Scalable Family
 
Intel Xeon D Processor
 

Exploit Probability

EPSS
0.06%
Percentile
18.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.