Input validation error in Intel products - CVE-2024-21781
Published: September 17, 2024
Vulnerability identifier: #VU97438
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-21781
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Intel Xeon D Processors
3rd Generation Intel Xeon Scalable Processors
Intel Atom Processor C5000
Intel Atom Processor P5000 Series
2nd Generation Intel Xeon Scalable Processors
Intel Xeon Scalable Processors
Intel Xeon D Processors
3rd Generation Intel Xeon Scalable Processors
Intel Atom Processor C5000
Intel Atom Processor P5000 Series
2nd Generation Intel Xeon Scalable Processors
Intel Xeon Scalable Processors
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in UEFI firmware. A local privileged user can gain access to sensitive information or perform a denial of service (DoS) attack.
How to mitigate CVE-2024-21781
Install updates from vendor's website.