Denial of service in Intel Processors

1) Input validation error

EUVDB-ID: #VU104106

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-31068

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper Finite State Machines (FSMs) in Hardware Logic. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

12th Generation Intel Core Processors: All versions

13th Generation Intel Core Processors: All versions

14th Generation Intel Core Processors: All versions

Intel Core Ultra processor: All versions

4th Generation Intel Xeon Scalable Processors: All versions

5th Generation Intel Xeon Scalable processors: All versions

CPE2.3

• cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:13th_generation_intel_core_processors:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:14th_generation_intel_core_processors:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:intel_core_ultra_processor:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:4th_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
• cpe:2.3:h:intel:5th_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.