Incomplete Filtering of Special Elements

CVE-2024-39283

High

8.5/10

Summary

Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-791 - Incomplete Filtering of Special Elements

The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

References

Advisory Timeline

Published Aug 14, 2024

Incomplete Filtering of Special Elements

CVE-2024-39283

Summary

CWE-791 - Incomplete Filtering of Special Elements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS