Improper Input Validation in Intel UEFI Firmware Leading to Potential Information Disclosure or Denial of Service
CVE-2024-21781

7HIGH

Key Information:

Vendor: Intel
Status: Uefi Firmware For Some Intel(r) Processors
Vendor: CVE Published:; 16 September 2024

What is CVE-2024-21781?

An improper input validation issue exists in UEFI firmware for certain Intel processors. This vulnerability may allow a privileged user to exploit the flaw through local access, potentially enabling information disclosure or denial of service, which can compromise the affected system’s integrity.

Affected Version(s)

UEFI firmware for some Intel(R) Processors See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2024

JSON