CVE-2024-37355

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0004 12.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2024-37355 is an improper access control vulnerability, classified under CWE-284, affecting some Intel(R) Graphics software. Published on 2025-02-12T22:15:35.330, it has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An authenticated user with local access and low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation enables escalation of privilege, granting high-impact access to confidentiality, integrity, and availability across a changed scope.

The Intel security advisory provides details on mitigation; see https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html for patches and recommended actions.

Details

CWE(s): CWE-284

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html
secure@intel.com