CVE-2024-31858
Published: 12 February 2025
Description
Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Security Summary
CVE-2024-31858 is an out-of-bounds write vulnerability (CWE-787) in Intel QuickAssist Technology software versions prior to 2.2.0. The affected software is used for hardware-accelerated cryptographic and data compression/decompression tasks. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential impact on confidentiality, integrity, and availability.
An authenticated user with low privileges can exploit this vulnerability via local access. The attack requires low complexity and no user interaction, allowing the attacker to potentially escalate privileges on the affected system.
Intel's security advisory (INTEL-SA-01124) details the issue and mitigation steps, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html. Updating to Intel QuickAssist Technology software version 2.2.0 or later addresses the vulnerability.
Details
- CWE(s)