CVE-2024-32941

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

EPSS Score 0.0004 12.5th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authenticated user to potentially enable denial of service via local access.

Security Summary

CVE-2024-32941 is a NULL pointer dereference vulnerability (CWE-476) affecting some Intel(R) MLC software versions before v3.11b. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H), indicating a high-severity issue primarily impacting availability.

An authenticated attacker with local access and low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation may enable denial of service, with potential low-level impacts to confidentiality and integrity due to the changed scope.

Intel's Security Advisory INTEL-SA-01238 details mitigation steps, including updating to version v3.11b or later: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01238.html.

Details

CWE(s): CWE-476

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01238.html
secure@intel.com