Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-24582

Опубликовано: 12 фев. 2025
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.

An improper input validation flaw was found in the XmlCli feature for UEFI firmware. Some Intel(R) processors may allow a privileged user to enable privilege escalation via local access.

Отчет

Red Hat has given this vulnerability the impact rating of Important due to the potential of escalating privileges locally.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10microcode_ctlNot affected
Red Hat Enterprise Linux 8microcode_ctlAffected
Red Hat Enterprise Linux 7.7 Advanced Update Supportmicrocode_ctlFixedRHBA-2025:242806.03.2025
Red Hat Enterprise Linux 7 Extended Lifecycle Supportmicrocode_ctlFixedRHEA-2025:242706.03.2025
Red Hat Enterprise Linux 8.2 Advanced Update Supportmicrocode_ctlFixedRHEA-2025:242406.03.2025
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Supportmicrocode_ctlFixedRHEA-2025:242306.03.2025
Red Hat Enterprise Linux 8.4 Telecommunications Update Servicemicrocode_ctlFixedRHEA-2025:242306.03.2025
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutionsmicrocode_ctlFixedRHEA-2025:242306.03.2025
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Supportmicrocode_ctlFixedRHEA-2025:242206.03.2025
Red Hat Enterprise Linux 8.6 Telecommunications Update Servicemicrocode_ctlFixedRHEA-2025:242206.03.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2345376microcode_ctl: Improper input validation in XmlCli feature for UEFI firmware

EPSS

Процентиль: 8%
0.00029
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-24582

CVSS3: 7.5
ubuntu
12 месяцев назад

Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.

nvd логотип

CVE-2024-24582

CVSS3: 7.5
nvd
12 месяцев назад

Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.

debian логотип

CVE-2024-24582

CVSS3: 7.5
debian
12 месяцев назад

Improper input validation in XmlCli feature for UEFI firmware for some ...

github логотип

GHSA-g5pm-xmgf-pjcq

CVSS3: 7.5
github
12 месяцев назад

Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.

fstec логотип

BDU:2025-02096

CVSS3: 7.5
fstec
12 месяцев назад

Уязвимость функции XmlCli микропрограммного обеспечения UEFI процессоров Intel, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 8%
0.00029
Низкий

7.5 High

CVSS3