#VU104106 Input validation error in Intel products - CVE-2024-31068
Published: February 20, 2025
Vulnerability identifier: #VU104106
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-31068
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
12th Generation Intel Core Processors
13th Generation Intel Core Processors
14th Generation Intel Core Processors
4th Generation Intel Xeon Scalable Processors
5th Generation Intel Xeon Scalable processors
Intel Core Ultra processor
12th Generation Intel Core Processors
13th Generation Intel Core Processors
14th Generation Intel Core Processors
4th Generation Intel Xeon Scalable Processors
5th Generation Intel Xeon Scalable processors
Intel Core Ultra processor
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper Finite State Machines (FSMs) in Hardware Logic. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.