{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/vex/2024/cve-2024-31157-els_os-centos8_5els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-03-19T13:37:15Z",
      "generator": {
        "date": "2026-03-19T13:37:15Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2024-31157-ELS_OS-CENTOS8.5ELS",
      "initial_release_date": "2024-01-01T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-01-01T00:00:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-13T11:19:07Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2026-03-19T13:37:15Z",
          "number": "3",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "3"
    },
    "title": "Security update on CVE-2024-31157"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.5",
                "product": {
                  "name": "Community Enterprise Operating System 8.5",
                  "product_id": "CentOS-8.5",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20240813-1.el8.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20240813-1.el8.x86_64",
                  "product_id": "microcode_ctl-4:20240813-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/microcode_ctl@20240813-1.el8?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20251111-1.el8.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20251111-1.el8.x86_64",
                  "product_id": "microcode_ctl-4:20251111-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/microcode_ctl@20251111-1.el8?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20250512-1.el8.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20250512-1.el8.x86_64",
                  "product_id": "microcode_ctl-4:20250512-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/microcode_ctl@20250512-1.el8?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20230512-1.el8.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20230512-1.el8.x86_64",
                  "product_id": "microcode_ctl-4:20230512-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/microcode_ctl@20230512-1.el8?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20231114-1.el8.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20231114-1.el8.x86_64",
                  "product_id": "microcode_ctl-4:20231114-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/microcode_ctl@20231114-1.el8?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20230214-1.el8.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20230214-1.el8.x86_64",
                  "product_id": "microcode_ctl-4:20230214-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/microcode_ctl@20230214-1.el8?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20250211-1.el8.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20250211-1.el8.x86_64",
                  "product_id": "microcode_ctl-4:20250211-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/microcode_ctl@20250211-1.el8?arch=x86_64&epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/microcode_ctl@20240813-1.el8.tuxcare.els1?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/microcode_ctl@20251111-1.el8.tuxcare.els1?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/microcode_ctl@20250512-1.el8.tuxcare.els1?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/microcode_ctl@20230512-1.el8.tuxcare.els1?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/microcode_ctl@20231114-1.el8.tuxcare.els1?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/microcode_ctl@20230214-1.el8.tuxcare.els1?arch=x86_64&epoch=4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64",
                  "product_id": "microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/microcode_ctl@20250211-1.el8.tuxcare.els1?arch=x86_64&epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20240813-1.el8.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20240813-1.el8.x86_64"
        },
        "product_reference": "microcode_ctl-4:20240813-1.el8.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20251111-1.el8.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20251111-1.el8.x86_64"
        },
        "product_reference": "microcode_ctl-4:20251111-1.el8.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20250512-1.el8.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20250512-1.el8.x86_64"
        },
        "product_reference": "microcode_ctl-4:20250512-1.el8.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20230512-1.el8.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20230512-1.el8.x86_64"
        },
        "product_reference": "microcode_ctl-4:20230512-1.el8.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20231114-1.el8.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20231114-1.el8.x86_64"
        },
        "product_reference": "microcode_ctl-4:20231114-1.el8.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20230214-1.el8.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20230214-1.el8.x86_64"
        },
        "product_reference": "microcode_ctl-4:20230214-1.el8.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20250211-1.el8.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:microcode_ctl-4:20250211-1.el8.x86_64"
        },
        "product_reference": "microcode_ctl-4:20250211-1.el8.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-31157",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "notes": [
        {
          "category": "description",
          "text": "Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "CentOS-8.5:microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64",
          "CentOS-8.5:microcode_ctl-4:20230214-1.el8.x86_64",
          "CentOS-8.5:microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64",
          "CentOS-8.5:microcode_ctl-4:20230512-1.el8.x86_64",
          "CentOS-8.5:microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64",
          "CentOS-8.5:microcode_ctl-4:20231114-1.el8.x86_64",
          "CentOS-8.5:microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64",
          "CentOS-8.5:microcode_ctl-4:20240813-1.el8.x86_64",
          "CentOS-8.5:microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64",
          "CentOS-8.5:microcode_ctl-4:20250211-1.el8.x86_64",
          "CentOS-8.5:microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64",
          "CentOS-8.5:microcode_ctl-4:20250512-1.el8.x86_64",
          "CentOS-8.5:microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64",
          "CentOS-8.5:microcode_ctl-4:20251111-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-31157"
        }
      ],
      "release_date": "2025-02-12T21:19:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "CVE-2024-31157 is confined to a UEFI firmware module (OutOfBandXML) on certain Intel processors and requires local, highly privileged access with high attack complexity, which significantly limits practical exploitability. The flaw exists in platform firmware rather than the operating system, so guest workloads in virtual machines cannot reach the vulnerable module, and on bare-metal systems an attacker would still need administrative firmware access to attempt exploitation. Impact is limited to information disclosure with no integrity or availability effect, making this a lower-priority issue for enterprise server and cloud deployments.",
          "product_ids": [
            "CentOS-8.5:microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20230214-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20230512-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20231114-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20240813-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250211-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250512-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20251111-1.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:microcode_ctl-4:20230214-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20230214-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20230512-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20230512-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20231114-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20231114-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20240813-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20240813-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250211-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250211-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250512-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20250512-1.el8.x86_64",
            "CentOS-8.5:microcode_ctl-4:20251111-1.el8.tuxcare.els1.x86_64",
            "CentOS-8.5:microcode_ctl-4:20251111-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}