Improper Initialization in UEFI Firmware in Intel Processors
CVE-2024-31157

6.8MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Processors
Vendor: CVE Published:; 12 February 2025

What is CVE-2024-31157?

The UEFI firmware OutOfBandXML module in certain Intel processors is affected by an improper initialization issue. This vulnerability could allow a privileged user with local access to exploit the firmware, leading to potential information disclosure. Stakeholders are recommended to evaluate their systems and implement necessary mitigations as provided in the corresponding Intel advisory.

Affected Version(s)

Intel(R) Processors See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
May 2, 2024