Input validation error in Intel products - CVE-2024-31068
Published: February 20, 2025
Vulnerability identifier: #VU104106
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-31068
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
12th Generation Intel Core Processors
13th Generation Intel Core Processors
14th Generation Intel Core Processors
4th Generation Intel Xeon Scalable Processors
5th Generation Intel Xeon Scalable processors
Intel Core Ultra processor
12th Generation Intel Core Processors
13th Generation Intel Core Processors
14th Generation Intel Core Processors
4th Generation Intel Xeon Scalable Processors
5th Generation Intel Xeon Scalable processors
Intel Core Ultra processor
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper Finite State Machines (FSMs) in Hardware Logic. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
How to mitigate CVE-2024-31068
Install updates from vendor's website.