CVE-2024-21864 - OpenCVE

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2024-05-16T20:47:07.857Z

Updated: 2024-06-04T17:37:59.116Z

Reserved: 2024-01-02T16:55:54.852Z

Link: CVE-2024-21864

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-16T21:16:05.867

Modified: 2024-05-17T18:36:05.263

Link: CVE-2024-21864

JSON object: View

Redhat Information

No data.

CWE

CWE-86

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21864", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2024-01-02T16:55:54.852Z", "datePublished": "2024-05-16T20:47:07.857Z", "dateUpdated": "2024-06-04T17:37:59.116Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:47:07.857Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper neutralization", "cweId": "CWE-86", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Arc(TM) & Iris(R) Xe Graphics software", "versions": [{"version": "before version 31.0.101.5081", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T16:09:46.969827Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:intel:iris_xe_graphics:-:*:*:*:*:*:*:*"], "vendor": "intel", "product": "iris_xe_graphics", "versions": [{"status": "affected", "version": "-", "lessThan": "31.0.101.5081", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:intel:arc_a_graphics:-:*:*:*:*:*:*:*"], "vendor": "intel", "product": "arc_a_graphics", "versions": [{"status": "affected", "version": "-", "lessThan": "31.0.101.5081", "versionType": "semver"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-707", "description": "CWE-707 Improper Neutralization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:37:59.116Z"}}]}}