CVE-2024-37020

NameCVE-2024-37020
DescriptionSequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1095805

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
intel-microcode (PTS)bullseye/non-free3.20240813.1~deb11u1vulnerable
bullseye/non-free (security)3.20241112.1~deb11u1vulnerable
bookworm/non-free-firmware3.20241112.1~deb12u1vulnerable
bookworm/non-free-firmware (security)3.20231114.1~deb12u1vulnerable
trixie/non-free-firmware3.20241112.1vulnerable
sid/non-free-firmware3.20250211.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
intel-microcodesource(unstable)3.20250211.11095805

Notes

[bookworm] - intel-microcode <postponed> (Minor issue; wait for unstable exposure, can be fixed via point release)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211
Search for package or bug name: Reporting problems