#VU103983 Input validation error in Intel products - CVE-2024-42410

Cybersecurity Help s.r.o.

Published: 2025-02-14

Vulnerability identifier: #VU103983

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42410

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
7th Gen Intel Core Processors
Hardware solutions / Firmware
8th Gen Intel Core processor
Hardware solutions / Firmware
10th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Core Processors with Intel Hybrid Technology
Hardware solutions / Firmware
Intel Atom Processors
Hardware solutions / Firmware
Intel Pentium Processors
Hardware solutions / Firmware
Intel Celeron Processors
Hardware solutions / Firmware
11th Generation Intel Core Processors
Hardware solutions / Firmware
12th Generation Intel Core Processors
Hardware solutions / Firmware
13th Generation Intel Core Processors
Hardware solutions / Firmware
14th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Iris Xe Dedicated Graphics
Hardware solutions / Firmware
Intel Arc Pro Graphics family
Hardware solutions / Firmware
Intel Data Center GPU Flex 140
Hardware solutions / Firmware
Intel Data Center GPU Flex 170
Hardware solutions / Firmware
9th Generation Intel Core Processors
Client/Desktop applications / Web browsers
Intel Arc Graphics family
Hardware solutions / Drivers
Intel Core Ultra processor
Hardware solutions / Drivers
Intel Arc & Iris Xe Graphics for Windows
Hardware solutions / Drivers
Intel Arc Pro Graphics for Windows
Hardware solutions / Drivers
Intel Data Center GPU Flex for Windows
Hardware solutions / Drivers
Intel Graphics Driver for Windows
Client/Desktop applications / Virtualization software

Vendor: Intel

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

7th Gen Intel Core Processors: All versions

8th Gen Intel Core processor: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Core Processors with Intel Hybrid Technology: All versions

Intel Atom Processors: All versions

Intel Pentium Processors: All versions

Intel Celeron Processors: All versions

11th Generation Intel Core Processors: All versions

12th Generation Intel Core Processors: All versions

13th Generation Intel Core Processors: All versions

14th Generation Intel Core Processors: All versions

Intel Iris Xe Dedicated Graphics: All versions

Intel Arc Graphics family: All versions

Intel Core Ultra processor: All versions

Intel Arc Pro Graphics family: All versions

Intel Data Center GPU Flex 140: All versions

Intel Data Center GPU Flex 170: All versions

Intel Graphics Driver for Windows: before 31.0.101.2130, 31.0.101.2130

Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5768

Intel Arc Pro Graphics for Windows: before 31.0.101.5978

Intel Data Center GPU Flex for Windows: before 31.0.101.5768

External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell Client Platform update for Intel Graphics software

Lenovo update for Intel Graphics software

Multiple vulnerabilities in Intel Graphics Software