Vulnerability identifier: #VU97438

Vulnerability risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21781

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Xeon D Processors
Hardware solutions / Firmware
3rd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
Intel Atom Processor C5000
Hardware solutions / Firmware
Intel Atom Processor P5000 Series
Hardware solutions / Firmware
2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
Intel Xeon Scalable Processors
Hardware solutions / Other hardware appliances

Vendor: Intel

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in UEFI firmware. A local privileged user can gain access to sensitive information or perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Xeon D Processors: All versions

3rd Generation Intel Xeon Scalable Processors: All versions

Intel Atom Processor C5000: All versions

Intel Atom Processor P5000 Series: All versions

Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions

---

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.