CVE-2024-29214

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0002 6.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2024-29214 is an improper input validation vulnerability (CWE-20) in the UEFI firmware component CseVariableStorageSmm, affecting some Intel processors. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity with potential for significant impact.

The vulnerability can be exploited by a privileged user with local access, requiring high attack complexity but no user interaction. Successful exploitation may enable escalation of privilege, allowing the attacker to achieve high levels of confidentiality, integrity, and availability impacts across a changed scope.

Intel's security advisory INTEL-SA-01139 details the issue, while Debian LTS has issued an announcement in their mailing list regarding related updates. Practitioners should consult these references for mitigation guidance and patch availability.

Details

CWE(s): CWE-20

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html
secure@intel.com
https://lists.debian.org/debian-lts-announce/2025/03/msg00021.html
af854a3a-2127-422b-91ae-364da2661108