June 23, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Eastern European NGOs and Media Targeted by Russian Threat Actors – Active IOCs
August 16, 2024
Grandoreiro Malware – Active IOCs
August 16, 2024
Eastern European NGOs and Media Targeted by Russian Threat Actors – Active IOCs
August 16, 2024
Grandoreiro Malware – Active IOCs
August 16, 2024
Severity
High
Analysis Summary
CVE-2024-24986 CVSS:8.8
Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control in Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-23981 CVSS:8.8
Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by wrap-around error in Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-21807 CVSS:8.8
Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper initialization in the Linux kernel mode driver, By sending a speciall crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-23497 CVSS:8.8
Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by out-of-bounds write in Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-21810 CVSS:8.8
Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-26022 CVSS:7.8
Intel UEFI Integrator Tools on Aptio V for Intel NUC could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-49141 CVSS:7.8
Multiple Intel Processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper isolation in the stream cache mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-28947 CVSS:8.2
Intel Server Board S2600ST Family firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in kernel mode driver. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-34163 CVSS:7.5
Intel NUC could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-42667 CVSS:7.8
Intel Core Ultra processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper isolation in the stream cache mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-24986
- CVE-2024-23981
- CVE-2024-21807
- CVE-2024-23497
- CVE-2024-21810
- CVE-2024-26022
- CVE-2023-49141
- CVE-2024-28947
- CVE-2024-34163
- CVE-2023-42667
Affected Vendors
Intel
Affected Products
- Intel NUC M15 Laptop Kit LAPBC510
- Intel Ethernet Complete Driver Pack
- Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iDmiEdit-Win software
- Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iDmiEditLnx software
- Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iFlashVLnx software
- Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iFlashVWin software
- Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iSetupCfgLnx software
- Intel Aptio V UEFI Firmware Integrator Tools for Intel® NUC iSetupCfgWin software
- Intel 4th Generation Xeon Bronze Processor
- Intel 4th Generation Xeon Gold Processors
- Intel 4th Generation Xeon Platinum processors
- Intel 4th Generation Xeon Silver Processor
- Intel Server Board S2600ST Family
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.