CVE-2024-38310

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0004 12.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2024-38310 is an improper access control vulnerability (CWE-284) affecting some Intel(R) Graphics Driver software installers. It allows an authenticated user to potentially enable escalation of privilege via local access. The vulnerability received a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability with a scope change.

An attacker with local access and low privileges, such as an authenticated user on the system, can exploit this vulnerability. Exploitation requires user interaction, but once triggered through the affected installer, it may allow the attacker to escalate privileges, potentially gaining higher-level access to the system.

For mitigation details, refer to Intel Security Advisory INTEL-SA-01235 at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html. The advisory provides guidance on patches and workarounds for affected Intel Graphics Driver software installers.

Details

CWE(s): CWE-284

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html
secure@intel.com