Multiple vulnerabilities in Intel Chipset Firmware

1) Input validation error

EUVDB-ID: #VU104063

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38307

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Converged Security and Management Engine (CSME): All versions

Intel Active Management Technology: All versions

Standard Manageability (ISM): All versions

Intel C420 Chipset: before 11.12.97

Intel X299 Chipset: before 11.12.97

Intel C620 Series Chipset: before 11.22.97

8th Gen Intel Core processor: before 11.8.97

Intel 100 Series Chipset: before 11.8.97

Intel 200 Series Chipset: before 11.8.97

Intel C230 series chipset: before 11.8.97

Intel C240 Series Chipset: before 12.0.96

Intel 300 Series Chipset: before 12.0.96

Pentium Gold processor series (G54XXU): before 12.0.96

Celeron processor 4000 series: before 12.0.96

CPE2.3

• cpe:2.3:h:intel:csme:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_active_management_technology:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_ism:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c420_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_x299_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c620_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_100_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_200_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c230_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c240_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_300_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:pentium_gold_processor_series_g54xxu:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:celeron_processor_4000_series:*:*:*:*:*:*:*:*

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU104075

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-30211

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Management Engine (ME) driver for Windows: before 2435.6.36.0

Intel Celeron N4000 Processors: before 4.0.55

Intel Celeron processor J3000/N3000 series: before 3.1.97

Intel Pentium Processor N4000 Series: before 3.1.97

Intel Pentium Processor J4000 Series: before 3.1.97

Intel Atom processor X E3900 series: before 3.1.97

Intel 600 Series Chipset: before 16.1.35

Intel W790 chipset: before 16.11.20

Intel 700 series chipset: before 16.1.35

Intel Celeron Processor J Series: before 15.40.35

Celeron processor N series: before 13.50.30

Intel Pentium Processor J Series: before 15.40.35

Intel Pentium Processor N Series: before 15.40.35

Intel Atom x6000E series: before 15.40.35

C740 series chipset: before 15.20.20

Intel 500 series chipset: before 15.0.50

Intel C250 Series Chipset: before 15.0.50

Intel 400 Series Chipset: before 14.1.75

Intel Pentium Processor Silver Series: before 13.50.30

10th Generation Intel Core Processors: before 13.0.70

Celeron processor 4000 series: before 12.0.96

Pentium Gold processor series (G54XXU): before 12.0.96

Intel 300 Series Chipset: before 12.0.96

Intel C240 Series Chipset: before 12.0.96

Intel C230 series chipset: before 11.8.97

Intel 200 Series Chipset: before 11.8.97

Intel 100 Series Chipset: before 11.8.97

8th Gen Intel Core processor: before 11.8.97

Intel C620 Series Chipset: before 11.22.97

Intel X299 Chipset: before 11.12.97

Intel C420 Chipset: before 11.12.97

Intel Pentium processor N5000 series: before 4.0.55

Intel Pentium processor J5000 series: before 4.0.55

CPE2.3

• cpe:2.3:h:intel:intel_management_engine_me_driver_for_windows:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_celeron_n4000_processors:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_celeron_processor_j3000_n3000_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_n4000_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_j4000_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_atom_processor_x_e3900_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_600_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_w790_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_700_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_celeron_processor_j_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:celeron_processor_n_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_j_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_n_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_atom_x6000e_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:c740_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_500_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c250_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_400_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_silver_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:celeron_processor_4000_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:pentium_gold_processor_series_g54xxu:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_300_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c240_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c230_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_200_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_100_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c620_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_x299_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c420_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_n5000_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_pentium_processor_j5000_series:*:*:*:*:*:*:*:*

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Initialization

EUVDB-ID: #VU104071

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization. A local administrator can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Active Management Technology: All versions

Standard Manageability (ISM): All versions

Intel C420 Chipset: before 11.12.97

Intel X299 Chipset: before 11.12.97

Intel C620 Series Chipset: before 11.22.97

8th Gen Intel Core processor: before 11.8.97

Intel 100 Series Chipset: before 11.8.97

Intel 200 Series Chipset: before 11.8.97

Intel C230 series chipset: before 11.8.97

Intel C240 Series Chipset: before 12.0.96

Intel 300 Series Chipset: before 12.0.96

Pentium Gold processor series (G54XXU): before 12.0.96

Celeron processor 4000 series: before 12.0.96

Intel 400 Series Chipset: before 14.1.75

Intel C250 Series Chipset: before 15.0.50

Intel 500 series chipset: before 15.0.50

C740 series chipset: before 15.20.20

Intel 600 Series Chipset: before 16.1.35

Intel 700 series chipset: before 16.1.35

CPE2.3

• cpe:2.3:h:intel:intel_active_management_technology:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_ism:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c420_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_x299_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c620_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_100_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_200_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c230_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c240_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_300_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:pentium_gold_processor_series_g54xxu:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:celeron_processor_4000_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_400_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_c250_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_500_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:c740_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_600_series_chipset:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_700_series_chipset:*:*:*:*:*:*:*:*

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.