#VU103981 Improper access control in Intel products - CVE-2024-37355

Cybersecurity Help s.r.o.

Published: 2025-02-14

Vulnerability identifier: #VU103981

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37355

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
7th Gen Intel Core Processors
Hardware solutions / Firmware
8th Gen Intel Core processor
Hardware solutions / Firmware
10th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Core Processors with Intel Hybrid Technology
Hardware solutions / Firmware
Intel Atom Processors
Hardware solutions / Firmware
Intel Pentium Processors
Hardware solutions / Firmware
Intel Celeron Processors
Hardware solutions / Firmware
11th Generation Intel Core Processors
Hardware solutions / Firmware
12th Generation Intel Core Processors
Hardware solutions / Firmware
13th Generation Intel Core Processors
Hardware solutions / Firmware
14th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Iris Xe Dedicated Graphics
Hardware solutions / Firmware
Intel Arc Pro Graphics family
Hardware solutions / Firmware
Intel Data Center GPU Flex 140
Hardware solutions / Firmware
Intel Data Center GPU Flex 170
Hardware solutions / Firmware
9th Generation Intel Core Processors
Client/Desktop applications / Web browsers
Intel Arc Graphics family
Hardware solutions / Drivers
Intel Core Ultra processor
Hardware solutions / Drivers
Intel Arc & Iris Xe Graphics for Windows
Hardware solutions / Drivers
Intel Arc Pro Graphics for Windows
Hardware solutions / Drivers
Intel Data Center GPU Flex for Windows
Hardware solutions / Drivers
Intel Graphics Driver for Windows
Client/Desktop applications / Virtualization software

Vendor: Intel

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

7th Gen Intel Core Processors: All versions

8th Gen Intel Core processor: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Core Processors with Intel Hybrid Technology: All versions

Intel Atom Processors: All versions

Intel Pentium Processors: All versions

Intel Celeron Processors: All versions

11th Generation Intel Core Processors: All versions

12th Generation Intel Core Processors: All versions

13th Generation Intel Core Processors: All versions

14th Generation Intel Core Processors: All versions

Intel Iris Xe Dedicated Graphics: All versions

Intel Arc Graphics family: All versions

Intel Core Ultra processor: All versions

Intel Arc Pro Graphics family: All versions

Intel Data Center GPU Flex 140: All versions

Intel Data Center GPU Flex 170: All versions

Intel Graphics Driver for Windows: before 31.0.101.2130, 31.0.101.2130

Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5768

Intel Arc Pro Graphics for Windows: before 31.0.101.5978

Intel Data Center GPU Flex for Windows: before 31.0.101.5768

External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Intel Graphics Software