CVE-2020-24489

high-risk

Published 2021-06-09

Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

LOCAL / LOW complexity

Atom X5-E3930

Atom X5-E3940

Atom X7-E3950

Celeron J1750

Celeron J1800

Celeron J1850

Celeron J1900

Celeron J3060

Celeron J3160

Celeron J3355

Celeron J3355E

Celeron J3455

Celeron J3455E

Celeron J4005

Celeron J4025

Celeron J4105

Celeron J4115

Celeron J4125

Celeron J6412

Celeron J6413

Debian Intel

Mailing List https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html

Third Party Advisory https://www.debian.org/security/2021/dsa-4934

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442....

Mailing List https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html

Third Party Advisory https://www.debian.org/security/2021/dsa-4934

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442....

/ 100

high-risk

Severity 27/34 · High

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical