CVE-2024-24968: 
Red Hat Enterprise Linux CoreOS (RHCOS) vulnerability analysis and mitigation

Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors was identified and assigned CVE-2024-24968. The vulnerability was discovered and reported by Intel Corporation, with the initial record created on February 28, 2024. This hardware-level vulnerability affects various Intel processors and requires local access with privileged user permissions to exploit (NVD, CVE).

The vulnerability is classified as CWE-1245 (Improper Finite State Machines in Hardware Logic). It has received a CVSS 4.0 Base Score of 5.6 (Medium) with the vector string CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N, and a CVSS 3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. The scoring indicates that while the vulnerability requires high privileges and is complex to exploit, it can potentially cause significant availability impacts (NVD).

The vulnerability can lead to a denial of service condition, potentially resulting in system crashes. The impact is primarily focused on system availability, with no direct effects on confidentiality or integrity. The vulnerability requires local access and privileged user permissions to exploit, which somewhat limits its potential impact scope (Ubuntu).

Intel has released firmware updates to address this vulnerability. Ubuntu has released fixes across multiple versions including 24.04 LTS (noble), 22.04 LTS (jammy), 20.04 LTS (focal), and 18.04 LTS (bionic). The fixes were initially released in the 20240910 microcode update, with additional updates released in the 20241112 release (Ubuntu).