#VU104106 Input validation error in Intel products - CVE-2024-31068


Vulnerability identifier: #VU104106

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-31068

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
12th Generation Intel Core Processors (Hardware solutions / Firmware)
13th Generation Intel Core Processors (Hardware solutions / Firmware)
14th Generation Intel Core Processors (Hardware solutions / Firmware)
4th Generation Intel Xeon Scalable Processors (Hardware solutions / Firmware)
5th Generation Intel Xeon Scalable processors (Hardware solutions / Firmware)
Intel Core Ultra processor (Hardware solutions / Drivers)

Vendor: Intel

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper finite state machines (FSMs) in hardware logic. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

12th Generation Intel Core Processors: All versions

13th Generation Intel Core Processors: All versions

14th Generation Intel Core Processors: All versions

Intel Core Ultra processor: All versions

4th Generation Intel Xeon Scalable Processors: All versions

5th Generation Intel Xeon Scalable processors: All versions


External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

