#VU107011 Untrusted search path in Intel products - CVE-2024-21830


Vulnerability identifier: #VU107011

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21830

CWE-ID: CWE-426

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
11th Generation Intel Core Processors (Hardware solutions / Firmware)
12th Generation Intel Core Processors (Hardware solutions / Firmware)
13th Generation Intel Core Processors (Hardware solutions / Firmware)
14th Generation Intel Core Processors (Hardware solutions / Firmware)
7th Gen Intel Core Processors (Hardware solutions / Firmware)
8th Gen Intel Core processor (Hardware solutions / Firmware)
10th Generation Intel Core Processors (Hardware solutions / Firmware)
Intel Core Processors with Intel Hybrid Technology (Hardware solutions / Firmware)
Intel Atom Processors (Hardware solutions / Firmware)
Intel Pentium Processors (Hardware solutions / Firmware)
Intel Celeron Processors (Hardware solutions / Firmware)
Intel Iris Xe Dedicated Graphics (Hardware solutions / Firmware)
Intel Data Center GPU Flex 140 (Hardware solutions / Firmware)
Intel Data Center GPU Flex 170 (Hardware solutions / Firmware)
9th Generation Intel Core Processors (Client/Desktop applications / Web browsers)
Intel Arc Graphics family (Hardware solutions / Drivers)
Intel Core Ultra processor (Hardware solutions / Drivers)
Intel Arc Pro Graphics for Windows (Hardware solutions / Drivers)
Intel oneAPI Video Processing Library (Universal components / Libraries / Software for developers)

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the use of an untrusted search path in Intel VPL software. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

11th Generation Intel Core Processors: All versions

12th Generation Intel Core Processors: All versions

13th Generation Intel Core Processors: All versions

14th Generation Intel Core Processors: All versions

7th Gen Intel Core Processors: before 31.0.101.2130

8th Gen Intel Core processor: before 31.0.101.2130

9th Generation Intel Core Processors: before 31.0.101.2130

10th Generation Intel Core Processors: before 31.0.101.2130

Intel Core Processors with Intel Hybrid Technology: before 31.0.101.2130

Intel Atom Processors: before 31.0.101.2130

Intel Pentium Processors: before 31.0.101.2130

Intel Celeron Processors: before 31.0.101.2130

Intel Iris Xe Dedicated Graphics: before 31.0.101.5186_101.5234

Intel Arc Graphics family: before 31.0.101.5186_101.5234

Intel Core Ultra processor: before 31.0.101.5186_101.5234

Intel Arc Pro Graphics for Windows: before 31.0.101.5319

Intel Data Center GPU Flex 140: before 31.0.101.5333

Intel Data Center GPU Flex 170: before 31.0.101.5333

Intel oneAPI Video Processing Library: before 2023.4.0


External links
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01044.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

