CVE-2024-24582
Published: February 14, 2025Last modified: June 9, 2025
Description
Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | HIGH |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | intel-ucode | Fixed (20250211-r0) |
| Stream | intel-ucode | Fixed (20250211-r0) |