CVE-2024-36262
Published: 12 February 2025
Description
Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Security Summary
CVE-2024-36262 is a race condition vulnerability, classified under CWE-362, affecting some Intel System Security Report and System Resources Defense firmware. Published on 2025-02-12T22:15:34.110, it carries a CVSS v3.1 base score of 7.2 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high severity with potential for significant confidentiality and integrity impacts.
A privileged user with local access can exploit this race condition to potentially achieve escalation of privilege. The attack requires high privileges (PR:H) and a local attack vector (AV:L), has high attack complexity (AC:H), and needs no user interaction (UI:N). The scope is changed (S:C), so the impact can extend beyond the vulnerable component, enabling elevated access without availability disruption (A:N).
Intel has issued security advisory INTEL-SA-01203 at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html, which security practitioners should consult for detailed mitigation guidance and available firmware updates.
Details
- CWE(s)