| Disclosure Date: November 2024 Publication Date: November 2024 |
 Severity Rating: 8.8 High |
Industy-wide severity ratings can be found in the National Vulnerability Database |
Related Content
Intel researchers have discovered potential security issues with the Sub-page Permission (SPP) feature when enabled on some Intel processors. Intel is not aware of any mainstream usage of SPP, and these issues pose no security risk. CVE-2024-36242 has been assigned with a CVSS base score of 8.8 (High) CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H and applies to Performance-core (P-core) processors. CVE-2024-38660 has been assigned with a CVSS base score of 3.8 (Low) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N and applies to Efficient-core (E-core) processors.
In virtualized environments, Intel recommends that Virtual Machine Monitor (VMM, hypervisor) software should mitigate these issues by discontinuing SPP support in all cases. Intel plans to discontinue SPP entirely on future processors. No actions are required in non-virtualized environments or in environments where SPP is not used.
Intel SPP is a feature designed to enhance the control of memory access in virtualized environments. It operates at a finer granularity than traditional page-level protection mechanisms.
When a VMM enables Intel SPP on some Intel processors, a malicious guest operating system (OS) may be able to write to guest physical addresses that are marked as not writable by the VMM. For CVE-2024-36242, this may apply to any guest physical address. For CVE-2024-38660, this applies only to the specific 4K regions where the hypervisor is using SPP. Both of these issues require the VMM to have specifically enabled the sub-page write permissions for EPT VM-execution control and mapped at least one SPP-enabled page into the guest physical address space. Intel does not believe that any mainstream VMM enables this configuration and is not aware of any mainstream usage of SPP.
Intel recommends that the Sub-Page Permission feature be disabled. As Intel is not aware of any mainstream software that enables SPP, this mitigation may already be in place for most users.
Affected Processors
Refer to the 2022-2024 tab of the consolidated Affected Processors table: Sub-page Permission column. Processors which have reached their End Of Servicing Lifetime are not listed in the consolidated table. Intel does not plan to evaluate whether any such processors are affected. Refer to the Support page for more information.
References
- Intel® 64 and IA-32 Architectures Software Developer Manuals Vol 3C Section 29.3.4 “Sub-Page Write Permissions.” Note that the deprecation of SPP will be described in an update.