Improper Input Validation in UEFI Firmware for Intel Processors
CVE-2024-21829

8.7HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Processors
Vendor: CVE Published:; 16 September 2024

Summary

Improper input validation in the UEFI firmware's error handling mechanism for various Intel processors presents a vulnerability that may allow a malicious privileged user to exploit this flaw through local access. This situation could potentially enable the attacker to escalate privileges, compromising the security of affected systems. Users and administrators are advised to review the advisory from Intel and apply any necessary patches to safeguard their systems.

Affected Version(s)

Intel(R) Processors See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Sep 16, 2024