Improper Input Validation in Intel SPS Firmware
CVE-2024-25571

4.6MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Sps Firmware Before Sps E5 06.01.04.059.0
Vendor: CVE Published:; 12 February 2025

Summary

An improper input validation vulnerability exists in some versions of Intel's SPS firmware, potentially enabling a privileged local user to cause a denial of service. Failure to validate input correctly could lead to the exploitation of this flaw, impacting the stability and availability of affected systems. Organizations using affected firmware versions should implement necessary security measures to mitigate the risk associated with local access exploitation.

Affected Version(s)

Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Mar 1, 2024