Vulnerability DatabaseCVE-2024-22374

CVE-2024-22374:
Amazon Linux vulnerability analysis and mitigation

Overview

CVE-2024-22374 is a security vulnerability affecting Intel(R) Xeon Processors that was disclosed on August 14, 2024. The vulnerability stems from insufficient control flow management in certain processor models. This security issue has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) and CVSS v4.0 score of 6.8 (MEDIUM) by Intel Corporation (Intel Advisory, NVD).

Technical details

The vulnerability is characterized by insufficient control flow management in the affected Intel Xeon Processors. It has been assigned CWE-691 (Insufficient Control Flow Management). The CVSS v3.1 vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H, indicating local access requirements, low attack complexity, and high availability impact. The CVSS v4.0 vector string is CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N (NVD).

Impact

The vulnerability can lead to denial of service conditions when successfully exploited. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity. The attack requires local access and can only be executed by an authenticated user (Intel Advisory).

Additional resources

Source: This report was generated using AI

Related Amazon Linux vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-47151	CRITICAL	9.8	NixOS	lasso-devel	No	Yes	Nov 05, 2025
CVE-2025-52565	HIGH	8.4	cAdvisor	eks-distro-1.30	No	Yes	Nov 06, 2025
CVE-2025-11001	HIGH	7.8	7-Zip	7zip-standalone-debuginfo	No	Yes	Nov 19, 2025
CVE-2025-52881	HIGH	7.3	cAdvisor	kubernetes-fips-1.34	No	Yes	Nov 06, 2025
CVE-2025-31133	HIGH	7.3	cAdvisor	rtla	No	Yes	Nov 06, 2025