#VU104063 Input validation error in Intel products - CVE-2024-38307

Cybersecurity Help s.r.o.

Published: 2025-02-19

Vulnerability identifier: #VU104063

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38307

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Converged Security and Management Engine (CSME)
Hardware solutions / Firmware
Intel Active Management Technology
Hardware solutions / Firmware
Intel C420 Chipset
Hardware solutions / Firmware
Intel X299 Chipset
Hardware solutions / Firmware
Intel C620 Series Chipset
Hardware solutions / Firmware
8th Gen Intel Core processor
Hardware solutions / Firmware
Intel 100 Series Chipset
Hardware solutions / Firmware
Intel 200 Series Chipset
Hardware solutions / Firmware
Intel C230 series chipset
Hardware solutions / Firmware
Intel C240 Series Chipset
Hardware solutions / Firmware
Intel 300 Series Chipset
Hardware solutions / Firmware
Pentium Gold processor series (G54XXU)
Hardware solutions / Firmware
Celeron processor 4000 series
Hardware solutions / Firmware
Standard Manageability (ISM)
Hardware solutions / Security hardware applicances

Vendor: Intel

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Converged Security and Management Engine (CSME): All versions

Intel Active Management Technology: All versions

Standard Manageability (ISM): All versions

Intel C420 Chipset: before 11.12.97

Intel X299 Chipset: before 11.12.97

Intel C620 Series Chipset: before 11.22.97

8th Gen Intel Core processor: before 11.8.97

Intel 100 Series Chipset: before 11.8.97

Intel 200 Series Chipset: before 11.8.97

Intel C230 series chipset: before 11.8.97

Intel C240 Series Chipset: before 12.0.96

Intel 300 Series Chipset: before 12.0.96

Pentium Gold processor series (G54XXU): before 12.0.96

Celeron processor 4000 series: before 12.0.96

External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Intel Chipset Firmware