Privilege escalation in Intel VPL Software



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-21830
CWE-ID: CWE-426
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
11th Generation Intel Core Processors
Hardware solutions / Firmware

12th Generation Intel Core Processors
Hardware solutions / Firmware

13th Generation Intel Core Processors
Hardware solutions / Firmware

14th Generation Intel Core Processors
Hardware solutions / Firmware

7th Gen Intel Core Processors
Hardware solutions / Firmware

8th Gen Intel Core processor
Hardware solutions / Firmware

10th Generation Intel Core Processors
Hardware solutions / Firmware

Intel Core Processors with Intel Hybrid Technology
Hardware solutions / Firmware

Intel Atom Processors
Hardware solutions / Firmware

Intel Pentium Processors
Hardware solutions / Firmware

Intel Celeron Processors
Hardware solutions / Firmware

Intel Iris Xe Dedicated Graphics
Hardware solutions / Firmware

Intel Data Center GPU Flex 140
Hardware solutions / Firmware

Intel Data Center GPU Flex 170
Hardware solutions / Firmware

9th Generation Intel Core Processors
Client/Desktop applications / Web browsers

Intel Arc Graphics family
Hardware solutions / Drivers

Intel Core Ultra processor
Hardware solutions / Drivers

Intel Arc Pro Graphics for Windows
Hardware solutions / Drivers

Intel oneAPI Video Processing Library
Universal components / Libraries / Software for developers

Vendor: Intel

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Untrusted search path

EUVDB-ID: #VU107011

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21830

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path in Intel VPL software. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

11th Generation Intel Core Processors: All versions

12th Generation Intel Core Processors: All versions

13th Generation Intel Core Processors: All versions

14th Generation Intel Core Processors: All versions

7th Gen Intel Core Processors: before 31.0.101.2130

8th Gen Intel Core processor: before 31.0.101.2130

9th Generation Intel Core Processors: before 31.0.101.2130

10th Generation Intel Core Processors: before 31.0.101.2130

Intel Core Processors with Intel Hybrid Technology: before 31.0.101.2130

Intel Atom Processors: before 31.0.101.2130

Intel Pentium Processors: before 31.0.101.2130

Intel Celeron Processors: before 31.0.101.2130

Intel Iris Xe Dedicated Graphics: before 31.0.101.5186_101.5234

Intel Arc Graphics family: before 31.0.101.5186_101.5234

Intel Core Ultra processor: before 31.0.101.5186_101.5234

Intel Arc Pro Graphics for Windows: before 31.0.101.5319

Intel Data Center GPU Flex 140: before 31.0.101.5333

Intel Data Center GPU Flex 170: before 31.0.101.5333

Intel oneAPI Video Processing Library: before 2023.4.0

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01044.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


