Exposure of Resource to Wrong Sphere in Intel Dynamic Tuning Technology (DTT)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-21813 |
| CWE-ID | CWE-668 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel Dynamic Tuning Technology (DTT) Hardware solutions / Firmware |
| Vendor | Intel |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Exposure of Resource to Wrong Sphere
EUVDB-ID: #VU93112
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21813
CWE-ID:
CWE-668 - Exposure of resource to wrong sphere
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to exposure of resource to wrong sphere. An authenticated user can trick the victim into opening a specially crafted file to enable escalation of privilege via local access.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Dynamic Tuning Technology (DTT): before 8.7.10802.26924
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
