#VU103982 Improper access control in Intel products - CVE-2024-38310

Vulnerability identifier: #VU103982

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-38310

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
7th Gen Intel Core Processors
8th Gen Intel Core processor
10th Generation Intel Core Processors
Intel Core Processors with Intel Hybrid Technology
Intel Atom Processors
Intel Pentium Processors
Intel Celeron Processors
11th Generation Intel Core Processors
12th Generation Intel Core Processors
13th Generation Intel Core Processors
14th Generation Intel Core Processors
Intel Iris Xe Dedicated Graphics
Intel Arc Pro Graphics family
Intel Data Center GPU Flex 140
Intel Data Center GPU Flex 170
9th Generation Intel Core Processors
Intel Arc Graphics family
Intel Core Ultra processor
Intel Arc & Iris Xe Graphics for Windows
Intel Arc Pro Graphics for Windows
Intel Data Center GPU Flex for Windows
Intel Graphics Driver for Windows

Software vendor:
Intel

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.

Install update from vendor's website.

• https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html