CVE-2024-37020

Publication date 12 February 2025

Last updated 19 February 2025

Ubuntu priority

Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
intel-microcode	24.10 oracular	Ignored not fixable by OS microcode
	24.04 LTS noble	Ignored not fixable by OS microcode
	22.04 LTS jammy	Ignored not fixable by OS microcode
	20.04 LTS focal	Ignored not fixable by OS microcode
	18.04 LTS bionic	Ignored not fixable by OS microcode
	16.04 LTS xenial	Ignored not fixable by OS microcode

How can I get the fixes?
What do statuses mean?

Notes

alexmurray

There is no evidence that this CVE can be addressed by a microcode update from the OS itself, only from the BIOS

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-37020
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html