Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-28127

Опубликовано: 12 фев. 2025
Источник: redhat
CVSS3: 7.5

Описание

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

An improper input validation flaw was found in UEFI firmware. Some Intel(R) Processors may allow a privileged user to enable privilege escalation via local access.

Отчет

Red Hat has given this vulnerability the impact rating of Important due to the potential of escalating privileges locally.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10microcode_ctlNot affected
Red Hat Enterprise Linux 8microcode_ctlAffected
Red Hat Enterprise Linux 7.7 Advanced Update Supportmicrocode_ctlFixedRHBA-2025:242806.03.2025
Red Hat Enterprise Linux 7 Extended Lifecycle Supportmicrocode_ctlFixedRHEA-2025:242706.03.2025
Red Hat Enterprise Linux 8.2 Advanced Update Supportmicrocode_ctlFixedRHEA-2025:242406.03.2025
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Supportmicrocode_ctlFixedRHEA-2025:242306.03.2025
Red Hat Enterprise Linux 8.4 Telecommunications Update Servicemicrocode_ctlFixedRHEA-2025:242306.03.2025
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutionsmicrocode_ctlFixedRHEA-2025:242306.03.2025
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Supportmicrocode_ctlFixedRHEA-2025:242206.03.2025
Red Hat Enterprise Linux 8.6 Telecommunications Update Servicemicrocode_ctlFixedRHEA-2025:242206.03.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2345370microcode_ctl: Improper input validation in UEFI firmware

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-28127

CVSS3: 7.5
ubuntu
12 месяцев назад

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

nvd логотип

CVE-2024-28127

CVSS3: 7.5
nvd
12 месяцев назад

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

debian логотип

CVE-2024-28127

CVSS3: 7.5
debian
12 месяцев назад

Improper input validation in UEFI firmware for some Intel(R) Processor ...

github логотип

GHSA-cxhc-4mwx-cq5w

CVSS3: 7.5
github
12 месяцев назад

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

fstec логотип

BDU:2025-02097

CVSS3: 7.5
fstec
12 месяцев назад

Уязвимость микропрограммного обеспечения UEFI процессоров Intel, позволяющая нарушителю повысить свои привилегии

7.5 High

CVSS3