The Instrumentation and Tracing Technology API (ITT API) is a software component used in various Linux distributions. This vulnerability allows an attacker to escalate privileges locally on the system by exploiting uncontrolled search paths within Ring 3, which can lead to potential impacts on confidentiality, integrity, and availability.
You're affected if you use Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3. Check with: ls /lib/modules/*/kernel/modules/ or in the Linux kernel source code (git ls-files kernel/trace/itt.c) to verify your system's ITT API version.
Note: This vulnerability is specific to Linux distributions and not applicable to other operating systems.
Upgrade to Instrumentation and Tracing Technology API (ITT API) software version 3.25.4 or later.
- In the Linux kernel source code (git ls-files kernel/trace/itt.c), apply the patch available on the Intel website: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01337.html#patch
- Immediate mitigations:
- Restrict network access to your system (firewall it from the public internet)
- Audit kernel module loading for suspicious activity patterns
- Monitor for unauthorized ITT API usage