CVE-2024-37020
EPSS 0.01%
Description
Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
How to fix CVE-2024-37020
To remediate CVE-2024-37020, upgrade the affected package to a fixed version below.
- Alpine/intel-ucode—upgrade to 20250211-r0 or later
- Debian/intel-microcode—upgrade to 3.20250211.1~deb11u1 or later
Is CVE-2024-37020 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 20250211-r0
- from 0, < 3.20250211.1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |