Request a Demo
Rewterz
Eastern European NGOs and Media Targeted by Russian Threat Actors – Active IOCs
August 16, 2024
Rewterz
Grandoreiro Malware – Active IOCs
August 16, 2024

Multiple Intel Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-24986 CVSS:8.8

Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control in Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-23981 CVSS:8.8

Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by wrap-around error in Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-21807 CVSS:8.8

Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper initialization in the Linux kernel mode driver, By sending a speciall crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-23497 CVSS:8.8

Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by out-of-bounds write in Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-21810 CVSS:8.8

Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-26022 CVSS:7.8

Intel UEFI Integrator Tools on Aptio V for Intel NUC could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-49141 CVSS:7.8

Multiple Intel Processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper isolation in the stream cache mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-28947 CVSS:8.2

Intel Server Board S2600ST Family firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in kernel mode driver. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-34163 CVSS:7.5

Intel NUC could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-42667 CVSS:7.8

Intel Core Ultra processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper isolation in the stream cache mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-24986
  • CVE-2024-23981
  • CVE-2024-21807
  • CVE-2024-23497
  • CVE-2024-21810
  • CVE-2024-26022
  • CVE-2023-49141
  • CVE-2024-28947
  • CVE-2024-34163
  • CVE-2023-42667

Affected Vendors

Intel

Affected Products

  • Intel NUC M15 Laptop Kit LAPBC510
  • Intel Ethernet Complete Driver Pack
  • Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iDmiEdit-Win software
  • Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iDmiEditLnx software
  • Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iFlashVLnx software
  • Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iFlashVWin software
  • Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iSetupCfgLnx software
  • Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iSetupCfgWin software
  • Intel 4th Generation Xeon Bronze Processor
  • Intel 4th Generation Xeon Gold Processors
  • Intel 4th Generation Xeon Platinum processors
  • Intel 4th Generation Xeon Silver Processor
  • Intel Server Board S2600ST Family

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-24986

CVE-2024-23981

CVE-2024-21807

CVE-2024-23497

CVE-2024-21810

CVE-2024-26022

CVE-2023-49141

CVE-2024-28947

CVE-2024-34163

CVE-2023-42667