{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-21820", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2024-01-24T04:00:22.652Z", "datePublished": "2024-11-13T20:34:17.825Z", "dateUpdated": "2025-11-03T21:53:30.866Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-11-13T20:34:17.825Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Incorrect default permissions", "cweId": "CWE-276", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "cvssV4_0": {"version": "4.0", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE"}}]}, "adp": [{"affected": [{"vendor": "intel", "product": "3rd_generation_intel_xeon_scalable_processor_family", "cpes": ["cpe:2.3:h:intel:3rd_generation_intel_xeon_scalable_processor_family:606a6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "606A6", "status": "affected"}]}, {"vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "806f7", "status": "affected"}]}, {"vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f8:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "806f8", "status": "affected"}]}, {"vendor": "intel", "product": "5th_generation_intel_xeon_processor_scalable_family", "cpes": ["cpe:2.3:h:intel:5th_generation_intel_xeon_processor_scalable_family:c06f2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "c06f2", "status": "affected"}]}, {"vendor": "intel", "product": "xeon_d_processor", "cpes": ["cpe:2.3:h:intel:xeon_d_processor:606c1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "606C1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T15:11:33.177572Z", "id": "CVE-2024-21820", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:49:08.207Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:53:30.866Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:53:30.866Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21820", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-14T15:11:33.177572Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:intel:3rd_generation_intel_xeon_scalable_processor_family:606a6:*:*:*:*:*:*:*"], "vendor": "intel", "product": "3rd_generation_intel_xeon_scalable_processor_family", "versions": [{"status": "affected", "version": "606A6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f7:*:*:*:*:*:*:*"], "vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "versions": [{"status": "affected", "version": "806f7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f8:*:*:*:*:*:*:*"], "vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "versions": [{"status": "affected", "version": "806f8"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:5th_generation_intel_xeon_processor_scalable_family:c06f2:*:*:*:*:*:*:*"], "vendor": "intel", "product": "5th_generation_intel_xeon_processor_scalable_family", "versions": [{"status": "affected", "version": "c06f2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:xeon_d_processor:606c1:*:*:*:*:*:*:*"], "vendor": "intel", "product": "xeon_d_processor", "versions": [{"status": "affected", "version": "606C1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T18:41:13.104Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 8.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html"}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "Incorrect default permissions"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-11-13T20:34:17.825Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21820", "state": "PUBLISHED", "dateUpdated": "2025-11-03T21:53:30.866Z", "dateReserved": "2024-01-24T04:00:22.652Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-11-13T20:34:17.825Z", "assignerShortName": "intel"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Los permisos predeterminados incorrectos en algunas configuraciones de controlador de memoria del procesador Intel(R) Xeon(R) al utilizar Intel(R) SGX pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2024-21820", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.8, "source": "secure@intel.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2024-11-13T21:15:09.653", "references": [{"source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00024.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "secure@intel.com", "type": "Secondary"}]}

{}

{}