#VU107011 Untrusted search path in Intel products - CVE-2024-21830
Published: April 5, 2025
Vulnerability identifier: #VU107011
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-21830
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
11th Generation Intel Core Processors
12th Generation Intel Core Processors
13th Generation Intel Core Processors
14th Generation Intel Core Processors
7th Gen Intel Core Processors
8th Gen Intel Core processor
10th Generation Intel Core Processors
Intel Core Processors with Intel Hybrid Technology
Intel Atom Processors
Intel Pentium Processors
Intel Celeron Processors
Intel Iris Xe Dedicated Graphics
Intel Data Center GPU Flex 140
Intel Data Center GPU Flex 170
9th Generation Intel Core Processors
Intel Arc Graphics family
Intel Core Ultra processor
Intel Arc Pro Graphics for Windows
Intel oneAPI Video Processing Library
11th Generation Intel Core Processors
12th Generation Intel Core Processors
13th Generation Intel Core Processors
14th Generation Intel Core Processors
7th Gen Intel Core Processors
8th Gen Intel Core processor
10th Generation Intel Core Processors
Intel Core Processors with Intel Hybrid Technology
Intel Atom Processors
Intel Pentium Processors
Intel Celeron Processors
Intel Iris Xe Dedicated Graphics
Intel Data Center GPU Flex 140
Intel Data Center GPU Flex 170
9th Generation Intel Core Processors
Intel Arc Graphics family
Intel Core Ultra processor
Intel Arc Pro Graphics for Windows
Intel oneAPI Video Processing Library
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path in Intel VPL software. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
Remediation
Install updates from vendor's website.