CVE-2024-21850

Nov. 15, 2024, 2 p.m.

6.0
Medium

Description

Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access.

Product(s) Impacted

Product Versions
Intel(R) TDX Seamldr module software
  • before version 1.5.02.00

Weaknesses

CWE-226
Sensitive Information in Resource Not Removed Before Reuse
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01076.html

Tags

secure@intel.com
CWE-226
2024-11-13
CVE-2024-21850

CVSS Score

6.0 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Date

  • Published: Nov. 13, 2024, 9:15 p.m.
  • Last Modified: Nov. 15, 2024, 2 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secure@intel.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.