Severity
Medium
Analysis Summary
CVE-2024-21806 CVSS:5.5
Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper conditions check in Linux kernel mode driver, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-23491 CVSS:6.7
Intel Distribution for GDB Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-43747 CVSS:6.7
Intel Connectivity Performance Suite Software Installer could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-23499 CVSS:6.5
Intel Ethernet Controllers and Adapters is vulnerable to a denial of service, caused by protection mechanism failure in firmware. By sending a specially crafted request, an remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-24580 CVSS:6.5
Intel Data Center GPU Max Series are vulnerable to a denial of service, caused by improper conditions check. By sending a specially crafted request, an remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-21769 CVSS:6.7
Intel Ethernet Controllers and Adapters could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-24983 CVSS:6.5
Intel Ethernet Controllers and Adapters is vulnerable to a denial of service, caused by protection mechanism failure in firmware. By sending a specially crafted request, an remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-23909 CVSS:6.7
Intel FPGA SDK for OpenCL Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-22184 CVSS:6.7
Intel Quartus Prime Pro Edition Design Software product could allow a locally authenticated attacker to gain elevated privileges on the system caused by an uncontrolled search path. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-24973 CVSS:2.2
Intel Distribution for GDB Software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-25562 CVSS:5.8
Intel Distribution for GDB Software is vulnerable to a denial of service, caused by uncaught exception. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-23974 CVSS:6.7
Intel ISH Software Installer could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-25561 CVSS:6.7
Intel HID Event Filter Software Installer could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permissions, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-24977 CVSS:6.7
Intel License Manager for FLEXlm product could allow a locally authenticated attacker to gain elevated privileges on the system caused by an uncontrolled search path; By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-28046 CVSS:6.7
Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search pat, By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-27461 CVSS:5.6
Intel® Arc & Iris Xe Graphics software is vulnerable to a denial of service, caused by incorrect default permissions in software installer. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-21806
- CVE-2024-23491
- CVE-2023-43747
- CVE-2024-23499
- CVE-2024-24580
- CVE-2024-21769
- CVE-2024-24983
- CVE-2024-23909
- CVE-2024-22184
- CVE-2024-24973
- CVE-2024-25562
- CVE-2024-23974
- CVE-2024-25561
- CVE-2024-24977
- CVE-2024-28046
- CVE-2024-27461
Affected Vendors
Affected Products
- Intel Distribution for GDB Software
- Intel GPA software
- Intel Ethernet Complete Driver Pack
- Intel Ethernet Controllers E800 Series
- Intel oneAPI Base Toolkit software
- Intel Connectivity Performance Suite software
- Intel Data Center GPU Max Series 1100 and 1550 products
- Intel Ethernet Controllers E800 Series with NVM image
- Intel FPGA SDK for OpenCL software
- Intel Quartus Prime Pro Edition Design Software
- Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510
- Intel ISH software for 11th Generation Intel Core Processor Family
- Intel ISH software for 12th Generation Intel Core Processor Family
- Intel HID Event Filter software
- Intel License Manager for FLEXlm product
- Intel MAS (GUI) Software
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.