CVE-2024-29223

Medium

Published: 12 February 2025

Published

12 February 2025

Modified

03 December 2025

KEV Added

—

Patch

—

CVSS Score 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0016 36.6th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2024-29223 is an uncontrolled search path vulnerability (CWE-427) in some Intel QuickAssist Technology software versions before 2.2.0. This flaw may allow an authenticated user to potentially enable escalation of privilege via local access. The vulnerability carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating medium severity with high impacts across confidentiality, integrity, and availability.

An attacker requires local access to the system, low-level privileges as an authenticated user, high attack complexity, and user interaction to exploit this vulnerability. Successful exploitation could enable privilege escalation, potentially granting higher-level access and compromising the system's security.

Intel's security advisory INTEL-SA-01124 provides details on the issue and mitigation steps, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html. Updating to Intel QuickAssist Technology software version 2.2.0 or later addresses the vulnerability.

Details

CWE(s): CWE-427

Affected Products

intel

quickassist technology

≤ 2.2.0-0012

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html
Vendor Advisory · secure@intel.com