Input validation error in Intel products - CVE-2024-24582
Published: February 18, 2025
Vulnerability identifier: #VU104036
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-24582
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
UEFI firmware
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
13th Generation Intel Core Processors
Intel Core Ultra family
UEFI firmware
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
13th Generation Intel Core Processors
Intel Core Ultra family
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in XmlCli feature. A local administrator can pass specially crafted input to the application and gain elevated privileges.
How to mitigate CVE-2024-24582
Install updates from vendor's website.