CVE-2024-31155

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0004 12.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2024-31155 involves improper buffer restrictions (CWE-119) in the UEFI firmware for some Intel processors. Published on 2025-02-12, this vulnerability carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating a high-severity issue that could allow escalation of privilege.

Exploitation requires local access and a privileged user account (PR:H), along with high attack complexity (AC:H) and no user interaction (UI:N). A successful attack could enable privilege escalation, resulting in high impacts to confidentiality, integrity, and availability, with a changed scope (S:C) that affects dependent components.

Intel's security advisory (INTEL-SA-01198) at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01198.html provides further details on affected products and recommended mitigations.

Details

CWE(s): CWE-119

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01198.html
secure@intel.com