Intel® Data Streaming Accelerator and Intel® In-Memory Analytics Accelerator Error Reporting

ID 826012
Updated 7/2/2024
Version 1.0
Public

Key Takeaways

  • System software for Intel® Xeon Scalable Processors code named Sapphire Rapids and Emerald Rapids has been updated to prevent unprivileged users from directly accessing the Intel® Data Streaming Accelerator (Intel® DSA) version 1.0 and Intel® Analytics Accelerator (Intel® IAA).

  • Although such updated system software is sufficient to mitigate the security impact of CVE-2024-21823, Intel is also helping to update software and libraries to add support for a new interface that allows software to continue to provide access to these accelerators for unprivileged users. Contact your software vendors for more details.

Disclosure date: 2024-05-14
Published date: 2024-06-24

Severity rating: 7.5 High
Industry-wide severity ratings can be found in the National Vulnerability Database

Summary

Malicious actors with direct access to the Intel® Data Streaming Accelerator (Intel® DSA) version 1.0 and Intel® Analytics Accelerator (Intel® IAA) version 1.0 integrated accelerators in Fourth Generation Intel® Xeon® Scalable processors and Fifth Generation Intel® Xeon® Scalable processors (code named Sapphire Rapids and Emerald Rapids) may be able to cause a temporary denial of service of the platform (requiring a reboot) and, in some circumstances, to corrupt memory and potentially escalate privilege. This issue has been assigned CVE-2024-21823 with a CVSS Base Score of 7.5 High (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H).

System software can mitigate this issue by preventing unprivileged users from directly accessing these accelerators. Intel has worked with the Linux* ecosystem to update the Linux kernel¹ to prevent these accelerators from being directly mapped into guest VMs and unprivileged user applications, and to add an alternative interface that allows them to continue to be used by unprivileged applications. We recommend installing the latest updates from your OS/VMM vendor.

Although such updated system software is sufficient to mitigate the security impact of this issue, Intel is also helping to update software and libraries to add support for this new interface, allowing software to continue to use these accelerators for unprivileged users. Contact your software vendors for more details. Intel plans to add such support in current or upcoming versions of these libraries:

Footnotes

  1. These Linux changes can be found in commit ID 796aec4a5b5850967af0c42d4e84df2d748d570b.