Local denial of service in 13th and 14th Generation Intel Core processors
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-39355 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel Core i9 processor 13900KS Hardware solutions / Firmware Intel Core i9 processor 13900K Hardware solutions / Firmware Intel Core i9 processor 13900KF Hardware solutions / Firmware Intel Core i9 processor 13900F Hardware solutions / Firmware Intel Core i9 processor 13900 Hardware solutions / Firmware Intel Core i9 processor 13900E Hardware solutions / Firmware Intel Core i7 processor 13700K Hardware solutions / Firmware Intel Core i7 processor 13700KF Hardware solutions / Firmware Intel Core i7 processor 13790F Hardware solutions / Firmware Intel Core i7 processor 13700F Hardware solutions / Firmware Intel Core i7 processor 13700 Hardware solutions / Firmware Intel Core i5 processor 13600K Hardware solutions / Firmware Intel Core i5 processor 13600KF Hardware solutions / Firmware Intel Core i9 processor 14900 Hardware solutions / Firmware Intel Core i9 processor 14900K Hardware solutions / Firmware Intel Core i9 processor 14900KS Hardware solutions / Firmware Intel Core i9 processor 14900F Hardware solutions / Firmware Intel Core i9 processor 14900KF Hardware solutions / Firmware Intel Core i7 processor 14700 Hardware solutions / Firmware Intel Core i7 processor 14700F Hardware solutions / Firmware Intel Core i7 processor 14700K Hardware solutions / Firmware Intel Core i7 processor 14700KF Hardware solutions / Firmware Intel Core i5 processor 14600K Hardware solutions / Firmware Intel Core i5 processor 14600KF Hardware solutions / Firmware Intel Core i9 processor 14901E Hardware solutions / Firmware Intel Core i7 processor 14701E Hardware solutions / Firmware |
| Vendor | Intel |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU107010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39355
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of physical or environmental conditions in Intel processors. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Core i9 processor 13900KS: All versions
Intel Core i9 processor 13900K: All versions
Intel Core i9 processor 13900KF: All versions
Intel Core i9 processor 13900F: All versions
Intel Core i9 processor 13900: All versions
Intel Core i9 processor 13900E: All versions
Intel Core i7 processor 13700K: All versions
Intel Core i7 processor 13700KF: All versions
Intel Core i7 processor 13790F: All versions
Intel Core i7 processor 13700F: All versions
Intel Core i7 processor 13700: All versions
Intel Core i5 processor 13600K: All versions
Intel Core i5 processor 13600KF: All versions
Intel Core i9 processor 14900: All versions
Intel Core i9 processor 14900K: All versions
Intel Core i9 processor 14900KS: All versions
Intel Core i9 processor 14900F: All versions
Intel Core i9 processor 14900KF: All versions
Intel Core i7 processor 14700: All versions
Intel Core i7 processor 14700F: All versions
Intel Core i7 processor 14700K: All versions
Intel Core i7 processor 14700KF: All versions
Intel Core i5 processor 14600K: All versions
Intel Core i5 processor 14600KF: All versions
Intel Core i9 processor 14901E: All versions
Intel Core i7 processor 14701E: All versions
CPE2.3- cpe:2.3:h:intel:intel_core_i9_processor_13900ks:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_13900k:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_13900kf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_13900f:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_13900:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_13900e:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_13700k:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_13700kf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_13790f:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_13700f:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_13700:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5_processor_13600k:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5_processor_13600kf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_14900:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_14900k:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_14900ks:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_14900f:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_14900kf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_14700:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_14700f:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_14700k:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_14700kf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5_processor_14600k:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i5_processor_14600kf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9_processor_14901e:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i7_processor_14701e:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
