CVE-2024-48869
Published: May 15, 2025Last modified: June 17, 2025
Description
Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.1 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | HIGH |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | LOW |
| Integrity impact | HIGH |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N |
Notes
As of June 17th, the latest microcode does not list a fix for this SA: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | intel-ucode | Unknown (20230516a-r0) |
| Stream | intel-ucode | Unknown (20230214-r0) |