
Multiple Intel Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-36482 CVSS:8.2

Intel CIP software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper input validation flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-34023 CVSS:8.4

Intel Graphics software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an untrusted pointer dereference flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-38665 CVSS:8.4

Intel Graphics software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-21820 CVSS:7.2

Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2024-23918 CVSS:8.8

Intel Xeon Processor could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper conditions check. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-36242 CVSS:8.8

Intel Processor (SPP) could allow a local authenticated attacker to gain elevated privileges on the system, caused by protection mechanism failure. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.

CVE-2024-28028 CVSS:7.5

Intel Neural Compressor Software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.

CVE-2024-32483 CVSS:8.2

Intel Endpoint Management Assistant software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.

CVE-2024-22185 CVSS:7.2

Intel Xeon Processor Scalable Family could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time-of-check time-of-use race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-36488 CVSS:7.3

Intel Driver Support Assistant could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.

CVE-2024-36284 CVSS:7.1

Intel Neural Compressor Software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.

CVE-2024-41167 CVSS:7.5

Intel Server Board M10JNP2SB Family could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in UEFI firmware. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-36482
  • CVE-2024-34023
  • CVE-2024-38665
  • CVE-2024-21820
  • CVE-2024-23918
  • CVE-2024-36242
  • CVE-2024-28028
  • CVE-2024-32483
  • CVE-2024-22185
  • CVE-2024-36488
  • CVE-2024-36284
  • CVE-2024-41167

Affected Vendors

Intel

Affected Products

  • Intel Xeon D Processors
  • Intel Xeon D Processor
  • Intel CIP software
  • Intel Graphics software
  • Intel 5th Generation Intel Xeon Processor Scalable Family
  • Intel 3rd Generation Intel Xeon Processor Scalable Family
  • Intel Processor (SPP)
  • Intel Neural Compressor software
  • Intel Endpoint Management Assistant software
  • Intel 4th Generation Xeon Processor Scalable Family
  • Intel Driver Support Assistant
  • Intel Server Board M10JNP2SB Family

Remediation

Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-36482

CVE-2024-34023

CVE-2024-38665

CVE-2024-21820

CVE-2024-23918

CVE-2024-36242

CVE-2024-28028

CVE-2024-32483

CVE-2024-22185

CVE-2024-36488

CVE-2024-36284

CVE-2024-41167