Cyber Posture

CVE-2024-39805

High

Published: 12 February 2025

Modified: 15 April 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0004 (10.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2024-39805 involves insufficient verification of data authenticity (CWE-345) in some Intel(R) DSA software versions before 23.4.39. This vulnerability, published on 2025-02-12T22:15:37.420, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, and significant impacts across confidentiality, integrity, and availability in a changed scope.

An authenticated user with low privileges (PR:L) can exploit this issue via local access, potentially enabling escalation of privilege. The high attack complexity (AC:H) means exploitation depends on specific conditions, but a successful attack needs no user interaction (UI:N) and has high impact on the system's confidentiality, integrity, and availability, with a changed scope (S:C).

Intel's security advisory at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01030.html addresses this vulnerability, recommending updates to Intel(R) DSA software version 23.4.39 or later to mitigate the insufficient data authenticity verification.

Details

CWE(s)
CWE-345

References