CVE-2024-24853 (GCVE-0-2024-24853)
Vulnerability from cvelistv5 – Published: 2024-08-14 13:45 – Updated: 2024-08-16 04:01
VLAI
EPSS
Summary
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
Severity
7.2 (High)
CWE
- escalation of privilege
- CWE-696 - Incorrect behavior order
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Processor | Affected: See references | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:processor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "processor",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T04:01:35.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-696",
"description": "Incorrect behavior order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:45:31.607Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-24853",
"datePublished": "2024-08-14T13:45:31.607Z",
"dateReserved": "2024-02-08T04:00:11.905Z",
"dateUpdated": "2024-08-16T04:01:35.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-24853",
"date": "2026-05-30",
"epss": "0.00088",
"percentile": "0.2525"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-24853\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2024-08-14T14:15:21.380\",\"lastModified\":\"2024-08-14T17:49:14.177\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.\"},{\"lang\":\"es\",\"value\":\" El orden de comportamiento incorrecto en la transici\u00f3n entre el monitor ejecutivo y el monitor de transferencia SMI (STM) en algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVul
nIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.6,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-696\"}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html\",\"source\":\"secure@intel.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-24853\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-14T19:14:11.117804Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:intel:processor:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-14T19:17:14.428Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references\"}], 
\"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-696\", \"description\": \"Incorrect behavior order\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2024-08-14T13:45:31.607Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-24853\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-16T04:01:35.677Z\", \"dateReserved\": \"2024-02-08T04:00:11.905Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2024-08-14T13:45:31.607Z\", \"assignerShortName\": \"intel\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2026:0670-1
Vulnerability from csaf_suse - Published: 2026-02-26 15:21 - Updated: 2026-02-26 15:21
Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access. (bsc#1229129)
- CVE-2025-31648: Improper handling of values in the microcode flow for
some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)
Patchnames: SUSE-2026-670,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-670
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)\n- CVE-2024-24853: Updated fix for incorrect behavior order in transition\n between executive monitor and SMI transfer monitor (STM) in some Intel(R)\n Processor may allow a privileged user to potentially enable escalation\n of privilege via local access. (bsc#1229129)\n- CVE-2025-31648: Improper handling of values in the microcode flow for\n some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-670,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-670",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0670-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0670-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260670-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0670-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024440.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229129",
"url": "https://bugzilla.suse.com/1229129"
},
{
"category": "self",
"summary": "SUSE Bug 1258046",
"url": "https://bugzilla.suse.com/1258046"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31648/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2026-02-26T15:21:41Z",
"generator": {
"date": "2026-02-26T15:21:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0670-1",
"initial_release_date": "2026-02-26T15:21:41Z",
"revision_history": [
{
"date": "2026-02-26T15:21:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "microcode_ctl-1.17-102.83.90.1.x86_64",
"product": {
"name": "microcode_ctl-1.17-102.83.90.1.x86_64",
"product_id": "microcode_ctl-1.17-102.83.90.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss-extreme-core:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.90.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.90.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24853"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24853",
"url": "https://www.suse.com/security/cve/CVE-2024-24853"
},
{
"category": "external",
"summary": "SUSE Bug 1229129 for CVE-2024-24853",
"url": "https://bugzilla.suse.com/1229129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T15:21:41Z",
"details": "important"
}
],
"title": "CVE-2024-24853"
},
{
"cve": "CVE-2025-31648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31648"
}
],
"notes": [
{
"category": "general",
"text": "Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31648",
"url": "https://www.suse.com/security/cve/CVE-2025-31648"
},
{
"category": "external",
"summary": "SUSE Bug 1258046 for CVE-2025-31648",
"url": "https://bugzilla.suse.com/1258046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:microcode_ctl-1.17-102.83.90.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T15:21:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-31648"
}
]
}
SUSE-SU-2026:20522-1
Vulnerability from csaf_suse - Published: 2026-02-26 10:48 - Updated: 2026-02-26 10:48
Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access (bsc#1229129).
- CVE-2025-31648: Improper handling of values in the
microcode flow for some Intel Processor Family may allow
an escalation of privilege (bsc#1258046).
Patchnames: SUSE-SLE-Micro-6.0-598
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):\n\n - CVE-2024-24853: Updated fix for incorrect behavior order in transition\n between executive monitor and SMI transfer monitor (STM) in some Intel(R)\n Processor may allow a privileged user to potentially enable escalation\n of privilege via local access (bsc#1229129).\n\n - CVE-2025-31648: Improper handling of values in the\n microcode flow for some Intel Processor Family may allow\n an escalation of privilege (bsc#1258046).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-598",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20522-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20522-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620522-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20522-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024500.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229129",
"url": "https://bugzilla.suse.com/1229129"
},
{
"category": "self",
"summary": "SUSE Bug 1258046",
"url": "https://bugzilla.suse.com/1258046"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31648/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2026-02-26T10:48:45Z",
"generator": {
"date": "2026-02-26T10:48:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20522-1",
"initial_release_date": "2026-02-26T10:48:45Z",
"revision_history": [
{
"date": "2026-02-26T10:48:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260210-1.1.x86_64",
"product": {
"name": "ucode-intel-20260210-1.1.x86_64",
"product_id": "ucode-intel-20260210-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260210-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64"
},
"product_reference": "ucode-intel-20260210-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24853"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24853",
"url": "https://www.suse.com/security/cve/CVE-2024-24853"
},
{
"category": "external",
"summary": "SUSE Bug 1229129 for CVE-2024-24853",
"url": "https://bugzilla.suse.com/1229129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T10:48:45Z",
"details": "important"
}
],
"title": "CVE-2024-24853"
},
{
"cve": "CVE-2025-31648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31648"
}
],
"notes": [
{
"category": "general",
"text": "Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31648",
"url": "https://www.suse.com/security/cve/CVE-2025-31648"
},
{
"category": "external",
"summary": "SUSE Bug 1258046 for CVE-2025-31648",
"url": "https://bugzilla.suse.com/1258046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:ucode-intel-20260210-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T10:48:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-31648"
}
]
}
SUSE-SU-2026:20682-1
Vulnerability from csaf_suse - Published: 2026-03-06 13:29 - Updated: 2026-03-06 13:29
Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access (bsc#1229129).
- CVE-2025-31648: Improper handling of values in the
microcode flow for some Intel Processor Family may allow
an escalation of privilege (bsc#1258046).
Patchnames: SUSE-SLE-Micro-6.1-430
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):\n\n - CVE-2024-24853: Updated fix for incorrect behavior order in transition\n between executive monitor and SMI transfer monitor (STM) in some Intel(R)\n Processor may allow a privileged user to potentially enable escalation\n of privilege via local access (bsc#1229129).\n\n - CVE-2025-31648: Improper handling of values in the\n microcode flow for some Intel Processor Family may allow\n an escalation of privilege (bsc#1258046).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-430",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20682-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20682-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620682-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20682-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024736.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229129",
"url": "https://bugzilla.suse.com/1229129"
},
{
"category": "self",
"summary": "SUSE Bug 1258046",
"url": "https://bugzilla.suse.com/1258046"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31648/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2026-03-06T13:29:07Z",
"generator": {
"date": "2026-03-06T13:29:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20682-1",
"initial_release_date": "2026-03-06T13:29:07Z",
"revision_history": [
{
"date": "2026-03-06T13:29:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260210-slfo.1.1_1.1.x86_64",
"product": {
"name": "ucode-intel-20260210-slfo.1.1_1.1.x86_64",
"product_id": "ucode-intel-20260210-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260210-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64"
},
"product_reference": "ucode-intel-20260210-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24853"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24853",
"url": "https://www.suse.com/security/cve/CVE-2024-24853"
},
{
"category": "external",
"summary": "SUSE Bug 1229129 for CVE-2024-24853",
"url": "https://bugzilla.suse.com/1229129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T13:29:07Z",
"details": "important"
}
],
"title": "CVE-2024-24853"
},
{
"cve": "CVE-2025-31648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31648"
}
],
"notes": [
{
"category": "general",
"text": "Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31648",
"url": "https://www.suse.com/security/cve/CVE-2025-31648"
},
{
"category": "external",
"summary": "SUSE Bug 1258046 for CVE-2025-31648",
"url": "https://bugzilla.suse.com/1258046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:ucode-intel-20260210-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2025-31648"
}
]
}
SUSE-SU-2026:20758-1
Vulnerability from csaf_suse - Published: 2026-03-19 09:31 - Updated: 2026-03-19 09:31
Summary
Security update for ucode-intel
Severity
Moderate
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access (bsc#1229129).
- CVE-2025-31648: Improper handling of values in the
microcode flow for some Intel Processor Family may allow
an escalation of privilege (bsc#1258046).
- Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):
- Update for functional issues.
- switch the supplements to use supplements + kernel to allow
moving an installation to Intel hardware (bsc#1249138)
- Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):
- Update for functional issues.
Patchnames: SUSE-SL-Micro-6.2-415
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2024-24853, CVSS 3.1 base score: 7.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):\n\n - CVE-2024-24853: Updated fix for incorrect behavior order in transition\n between executive monitor and SMI transfer monitor (STM) in some Intel(R)\n Processor may allow a privileged user to potentially enable escalation\n of privilege via local access (bsc#1229129).\n\n - CVE-2025-31648: Improper handling of values in the\n microcode flow for some Intel Processor Family may allow\n an escalation of privilege (bsc#1258046).\n\n- Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):\n\n - Update for functional issues.\n\n- switch the supplements to use supplements + kernel to allow\n moving a installation to Intel hardware (bsc#1249138)\n\n- Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):\n\n - Update for functional issues.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-415",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20758-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20758-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620758-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20758-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024828.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229129",
"url": "https://bugzilla.suse.com/1229129"
},
{
"category": "self",
"summary": "SUSE Bug 1230400",
"url": "https://bugzilla.suse.com/1230400"
},
{
"category": "self",
"summary": "SUSE Bug 1249138",
"url": "https://bugzilla.suse.com/1249138"
},
{
"category": "self",
"summary": "SUSE Bug 1253319",
"url": "https://bugzilla.suse.com/1253319"
},
{
"category": "self",
"summary": "SUSE Bug 1258046",
"url": "https://bugzilla.suse.com/1258046"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31648/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2026-03-19T09:31:38Z",
"generator": {
"date": "2026-03-19T09:31:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20758-1",
"initial_release_date": "2026-03-19T09:31:38Z",
"revision_history": [
{
"date": "2026-03-19T09:31:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260210-160000.1.1.x86_64",
"product": {
"name": "ucode-intel-20260210-160000.1.1.x86_64",
"product_id": "ucode-intel-20260210-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260210-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64"
},
"product_reference": "ucode-intel-20260210-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24853"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24853",
"url": "https://www.suse.com/security/cve/CVE-2024-24853"
},
{
"category": "external",
"summary": "SUSE Bug 1229129 for CVE-2024-24853",
"url": "https://bugzilla.suse.com/1229129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-19T09:31:38Z",
"details": "important"
}
],
"title": "CVE-2024-24853"
},
{
"cve": "CVE-2025-31648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31648"
}
],
"notes": [
{
"category": "general",
"text": "Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31648",
"url": "https://www.suse.com/security/cve/CVE-2025-31648"
},
{
"category": "external",
"summary": "SUSE Bug 1258046 for CVE-2025-31648",
"url": "https://bugzilla.suse.com/1258046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-19T09:31:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-31648"
}
]
}
SUSE-SU-2026:20941-1
Vulnerability from csaf_suse - Published: 2026-03-19 09:31 - Updated: 2026-03-19 09:31
Summary
Security update for ucode-intel
Severity
Moderate
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access (bsc#1229129).
- CVE-2025-31648: Improper handling of values in the
microcode flow for some Intel Processor Family may allow
an escalation of privilege (bsc#1258046).
- Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):
- Update for functional issues.
- switch the supplements to use supplements + kernel to allow
moving an installation to Intel hardware (bsc#1249138)
- Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):
- Update for functional issues.
Patchnames: SUSE-SLES-16.0-415
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2024-24853, CVSS 3.1 base score: 7.2 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):\n\n - CVE-2024-24853: Updated fix for incorrect behavior order in transition\n between executive monitor and SMI transfer monitor (STM) in some Intel(R)\n Processor may allow a privileged user to potentially enable escalation\n of privilege via local access (bsc#1229129).\n\n - CVE-2025-31648: Improper handling of values in the\n microcode flow for some Intel Processor Family may allow\n an escalation of privilege (bsc#1258046).\n\n- Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):\n\n - Update for functional issues.\n\n- switch the supplements to use supplements + kernel to allow\n moving a installation to Intel hardware (bsc#1249138)\n\n- Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):\n\n - Update for functional issues.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-415",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20941-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20941-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620941-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20941-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045211.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229129",
"url": "https://bugzilla.suse.com/1229129"
},
{
"category": "self",
"summary": "SUSE Bug 1230400",
"url": "https://bugzilla.suse.com/1230400"
},
{
"category": "self",
"summary": "SUSE Bug 1249138",
"url": "https://bugzilla.suse.com/1249138"
},
{
"category": "self",
"summary": "SUSE Bug 1253319",
"url": "https://bugzilla.suse.com/1253319"
},
{
"category": "self",
"summary": "SUSE Bug 1258046",
"url": "https://bugzilla.suse.com/1258046"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31648/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2026-03-19T09:31:38Z",
"generator": {
"date": "2026-03-19T09:31:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20941-1",
"initial_release_date": "2026-03-19T09:31:38Z",
"revision_history": [
{
"date": "2026-03-19T09:31:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20260210-160000.1.1.x86_64",
"product": {
"name": "ucode-intel-20260210-160000.1.1.x86_64",
"product_id": "ucode-intel-20260210-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260210-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64"
},
"product_reference": "ucode-intel-20260210-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20260210-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64"
},
"product_reference": "ucode-intel-20260210-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24853"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24853",
"url": "https://www.suse.com/security/cve/CVE-2024-24853"
},
{
"category": "external",
"summary": "SUSE Bug 1229129 for CVE-2024-24853",
"url": "https://bugzilla.suse.com/1229129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-19T09:31:38Z",
"details": "important"
}
],
"title": "CVE-2024-24853"
},
{
"cve": "CVE-2025-31648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31648"
}
],
"notes": [
{
"category": "general",
"text": "Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31648",
"url": "https://www.suse.com/security/cve/CVE-2025-31648"
},
{
"category": "external",
"summary": "SUSE Bug 1258046 for CVE-2025-31648",
"url": "https://bugzilla.suse.com/1258046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:ucode-intel-20260210-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:ucode-intel-20260210-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-19T09:31:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-31648"
}
]
}
WID-SEC-W-2024-1842
Vulnerability from csaf_certbund - Published: 2024-08-13 22:00 - Updated: 2025-04-07 22:00
Summary
HPE ProLiant und Synergy: Mehrere Schwachstellen ermöglichen Privilegieneskalation
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: ProLiant ist eine Serverfamilie von Hewlett Packard Enterprise.
Synergy ist eine kombinierbare Blade-Infrastruktur, die Workloads in einer Hybrid Cloud-Umgebung unterstützt.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in HPE ProLiant und HPE Synergy ausnutzen, um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme: - BIOS/Firmware
- Sonstiges
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer SimpliVity Server
HP / Computer
|
cpe:/h:hp:computer:simplivity_server
|
SimpliVity Server | |
|
HPE ProLiant BIOS <2.10_11-28-2023
HPE / ProLiant
|
BIOS <2.10_11-28-2023 | ||
|
HPE ProLiant Alletra 4140 <2.16_03-01-2024
HPE / ProLiant
|
Alletra 4140 <2.16_03-01-2024 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerScale <12.4.1
Dell / PowerScale
|
<12.4.1 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
HPE ProLiant
HPE / ProLiant
|
cpe:/h:hp:proliant:-
|
— | |
|
Dell Avamar Gen5a <Hotfix 338868
Dell / Avamar
|
Gen5a <Hotfix 338868 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
HPE Synergy 480 Gen11 Compute Module <2.10_11-28-2023
HPE / Synergy
|
480 Gen11 Compute Module <2.10_11-28-2023 | ||
|
HPE ProLiant BIOS <2.20_08-07-2024
HPE / ProLiant
|
BIOS <2.20_08-07-2024 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer SimpliVity Server
HP / Computer
|
cpe:/h:hp:computer:simplivity_server
|
SimpliVity Server | |
|
HPE ProLiant BIOS <2.10_11-28-2023
HPE / ProLiant
|
BIOS <2.10_11-28-2023 | ||
|
HPE ProLiant Alletra 4140 <2.16_03-01-2024
HPE / ProLiant
|
Alletra 4140 <2.16_03-01-2024 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerScale <12.4.1
Dell / PowerScale
|
<12.4.1 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
HPE ProLiant
HPE / ProLiant
|
cpe:/h:hp:proliant:-
|
— | |
|
Dell Avamar Gen5a <Hotfix 338868
Dell / Avamar
|
Gen5a <Hotfix 338868 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
HPE Synergy 480 Gen11 Compute Module <2.10_11-28-2023
HPE / Synergy
|
480 Gen11 Compute Module <2.10_11-28-2023 | ||
|
HPE ProLiant BIOS <2.20_08-07-2024
HPE / ProLiant
|
BIOS <2.20_08-07-2024 |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ProLiant ist eine Serverfamilie von Hewlett Packard Enterprise.\r\nSynergy ist eine kombinierbare Blade-Infrastruktur, die Workloads in einer Hybrid Cloud-Umgebung unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in HPE ProLiant und HPE Synergy ausnutzen, um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1842 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1842.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1842 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1842"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2024-08-13",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04680en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2024-08-13",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04681en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3095-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019365.html"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04720en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1950 vom 2024-10-31",
"url": "https://alas.aws.amazon.com/ALAS-2024-1950.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2682 vom 2024-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2682.html"
},
{
"category": "external",
"summary": "Dell Security Update vom 2024-11-20",
"url": "https://www.dell.com/support/kbdoc/de-de/000225475/dsa-2024-243-security-update-for-dell-client-platform-for-intel-platform-update-2024-3-advisories"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2024-12-11",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04690en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-455 vom 2024-12-16",
"url": "https://www.dell.com/support/kbdoc/de-de/000260794/dsa-2024-455-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-167 vom 2025-04-07",
"url": "https://www.dell.com/support/kbdoc/de-de/000304933/dsa-2025-167-security-update-for-dell-avamar-data-store-gen5a-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "HPE ProLiant und Synergy: Mehrere Schwachstellen erm\u00f6glichen Privilegieneskalation",
"tracking": {
"current_release_date": "2025-04-07T22:00:00.000+00:00",
"generator": {
"date": "2025-04-08T11:47:39.317+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-1842",
"initial_release_date": "2024-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-12-16T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Gen5a \u003cHotfix 338868",
"product": {
"name": "Dell Avamar Gen5a \u003cHotfix 338868",
"product_id": "T042429"
}
},
{
"category": "product_version",
"name": "Gen5a Hotfix 338868",
"product": {
"name": "Dell Avamar Gen5a Hotfix 338868",
"product_id": "T042429-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:gen5a__hotfix_338868"
}
}
}
],
"category": "product_name",
"name": "Avamar"
},
{
"category": "product_name",
"name": "Dell BIOS",
"product": {
"name": "Dell BIOS",
"product_id": "T039382",
"product_identification_helper": {
"cpe": "cpe:/h:dell:bios:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.4.1",
"product": {
"name": "Dell PowerScale \u003c12.4.1",
"product_id": "T039868"
}
},
{
"category": "product_version",
"name": "12.4.1",
"product": {
"name": "Dell PowerScale 12.4.1",
"product_id": "T039868-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerscale_onefs:12.4.1"
}
}
}
],
"category": "product_name",
"name": "PowerScale"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "SimpliVity Server",
"product": {
"name": "HP Computer SimpliVity Server",
"product_id": "T039806",
"product_identification_helper": {
"cpe": "cpe:/h:hp:computer:simplivity_server"
}
}
}
],
"category": "product_name",
"name": "Computer"
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HPE ProLiant",
"product": {
"name": "HPE ProLiant",
"product_id": "T027712",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:-"
}
}
},
{
"category": "product_version_range",
"name": "BIOS \u003c2.10_11-28-2023",
"product": {
"name": "HPE ProLiant BIOS \u003c2.10_11-28-2023",
"product_id": "T036827"
}
},
{
"category": "product_version",
"name": "BIOS 2.10_11-28-2023",
"product": {
"name": "HPE ProLiant BIOS 2.10_11-28-2023",
"product_id": "T036827-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:bios__2.10_11-28-2023"
}
}
},
{
"category": "product_version_range",
"name": "Alletra 4140 \u003c2.16_03-01-2024",
"product": {
"name": "HPE ProLiant Alletra 4140 \u003c2.16_03-01-2024",
"product_id": "T036828"
}
},
{
"category": "product_version_range",
"name": "Alletra 4140 2.16_03-01-2024",
"product": {
"name": "HPE ProLiant Alletra 4140 2.16_03-01-2024",
"product_id": "T036828-fixed"
}
},
{
"category": "product_version_range",
"name": "BIOS \u003c2.20_08-07-2024",
"product": {
"name": "HPE ProLiant BIOS \u003c2.20_08-07-2024",
"product_id": "T036829"
}
},
{
"category": "product_version",
"name": "BIOS 2.20_08-07-2024",
"product": {
"name": "HPE ProLiant BIOS 2.20_08-07-2024",
"product_id": "T036829-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:bios__2.20_08-07-2024"
}
}
}
],
"category": "product_name",
"name": "ProLiant"
},
{
"branches": [
{
"category": "product_version_range",
"name": "480 Gen11 Compute Module \u003c2.10_11-28-2023",
"product": {
"name": "HPE Synergy 480 Gen11 Compute Module \u003c2.10_11-28-2023",
"product_id": "T036830"
}
},
{
"category": "product_version",
"name": "480 Gen11 Compute Module 2.10_11-28-2023",
"product": {
"name": "HPE Synergy 480 Gen11 Compute Module 2.10_11-28-2023",
"product_id": "T036830-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:hpe:synergy:480_gen11_compute_module__2.10_11-28-2023"
}
}
}
],
"category": "product_name",
"name": "Synergy"
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24853",
"product_status": {
"known_affected": [
"T039806",
"T036827",
"T036828",
"T002207",
"T039868",
"T039382",
"T027712",
"T042429",
"398363",
"T036830",
"T036829"
]
},
"release_date": "2024-08-13T22:00:00.000+00:00",
"title": "CVE-2024-24853"
},
{
"cve": "CVE-2024-39283",
"product_status": {
"known_affected": [
"T039806",
"T036827",
"T036828",
"T002207",
"T039868",
"T039382",
"T027712",
"T042429",
"398363",
"T036830",
"T036829"
]
},
"release_date": "2024-08-13T22:00:00.000+00:00",
"title": "CVE-2024-39283"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.