CVE-2024-36293: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-36293 is a security vulnerability affecting Intel Processors with Intel SGX technology. The vulnerability stems from improper access control in the EDECCSSA user leaf function, which was discovered and disclosed in February 2025. This security issue affects various Intel processor families including Core Gen12, Gen13, Gen14, and Xeon series processors (Ubuntu CVE, MITRE CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium severity). The attack vector is local, with low attack complexity and requiring low privileges. The scope is changed, with no impact on confidentiality and integrity but high impact on availability. The complete vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H (Ubuntu CVE).

If exploited, this vulnerability could allow an authenticated user with local access to cause a denial of service condition in affected systems. The impact is primarily focused on system availability, with no direct effect on data confidentiality or integrity (MITRE CVE, Ubuntu CVE).

Intel has released microcode updates to address this vulnerability. The fix is available in microcode version 20250211, which includes security updates for various processor families. Multiple Linux distributions including Ubuntu have released patches for affected versions. Ubuntu has provided fixes across multiple releases including 24.10, 24.04 LTS, 22.04 LTS, 20.04 LTS, and 18.04 LTS (Intel Microcode, Ubuntu CVE).