CVE-2024-37020
Publication date 12 February 2025
Last updated 30 May 2025
Ubuntu priority
Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| intel-microcode | 24.10 oracular | Ignored not fixable by OS microcode |
| 24.04 LTS noble | Ignored not fixable by OS microcode | |
| 22.04 LTS jammy | Ignored not fixable by OS microcode | |
| 20.04 LTS focal | Ignored not fixable by OS microcode | |
| 18.04 LTS bionic | Ignored not fixable by OS microcode | |
| 16.04 LTS xenial | Ignored not fixable by OS microcode | |
| 14.04 LTS trusty | Ignored not fixable by OS microcode |
Notes
alexmurray
There is no evidence that this CVE can be addressed by a microcode update from the OS itself, only from the BIOS
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.8 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-37020
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211
- https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html