Rewterz
Multiple Intel Products Vulnerabilities
May 17, 2024

Multiple Intel Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-47165 CVSS:6

Intel Data Center GPU Max Series products are vulnerable to a denial of service, caused by an improper conditions check. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-21864 CVSS:7.8

Intel Arc & Iris Xe Graphics Software could allow a remote attacker to gain elevated privileges on the system, caused by improper neutralization. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21809 CVSS:6.7

Intel Quartus Prime Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper conditions check. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-22476 CVSS:10

Intel Neural Compressor Software could allow a remote attacker to gain elevated privileges on the system, caused by improper input validation. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21843 CVSS:6.7

Intel Computing Improvement Program Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-22390 CVSS:4.4

Intel FPGA Firmware is vulnerable to a denial of service, caused by improper input validation in firmware. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-21862 CVSS:6.7

Intel Quartus Prime Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21837 CVSS:6.7

Intel Quartus Prime Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21792 CVSS:4.7

Intel Neural Compressor Software could allow a local authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use race condition. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-45320 CVSS:6.7

Intel VTune Profiler Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21841 CVSS:6.7

Intel Distribution for GDB Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-22095 CVSS:7.2

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the PlatformVariableInitDxe driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21835 CVSS:6.7

Intel XTU Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permissions. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22662 CVSS:5.8

Intel Server Products UEFI Firmware is vulnerable to a denial of service, caused by improper input validation of EpsdSrMgmtConfig. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-23980 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions in the PlatformPfrDxe driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-23487 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the UserAuthenticationSmm driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-22382 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the PprRequestLog module. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-24981 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the PfrSmiUpdateFw driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Denial of Service
  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2023-47165
  • CVE-2024-21864
  • CVE-2024-21809
  • CVE-2024-22476
  • CVE-2024-21843
  • CVE-2024-22390
  • CVE-2024-21862
  • CVE-2024-21837
  • CVE-2024-21792
  • CVE-2023-45320
  • CVE-2024-21841
  • CVE-2024-22095
  • CVE-2024-21835
  • CVE-2023-22662
  • CVE-2024-23980
  • CVE-2024-23487
  • CVE-2024-22382
  • CVE-2024-24981

Affected Vendors

Intel

Affected Products

  • Intel Agilex 7 FPGA and SoC FPGA product families
  • Intel Stratix 10 FPGA and SoC FPGA product families
  • Intel Data Center GPU Max Series 1100
  • Intel Data Center GPU Max Series 1550
  • Intel Quartus Prime Lite Edition Design Software 23.0
  • Intel Neural Compressor Software 2.4.1
  • Intel Computing Improvement Program Software 2.4
  • Intel VTune Profiler
  • Intel Distribution for GDB Software
  • Intel Server D50DNP Family
  • Intel XTU Software 7.14.0
  • Intel Server M50FCP Family
  • Intel Server Board S2600BP Family

Remediation

Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.
