Cyber Posture

CVE-2024-41917

High

Published: 12 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2024-41917 is a time-of-check time-of-use (TOCTOU) race condition vulnerability, classified under CWE-367, affecting Intel(R) Battery Life Diagnostic Tool software versions before 2.4.1. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H), which is high severity. The vector describes a local attack vector, high attack complexity, low privileges required, user interaction required, and a changed scope, with high impact on confidentiality, integrity, and availability.

An authenticated user with local access and low privileges can potentially exploit this race condition to achieve escalation of privilege. The high complexity and requirement for user interaction limit feasibility, but success grants elevated access on the affected system.

Intel's security advisory INTEL-SA-01230, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01230.html, addresses this issue. The mitigation is to update the Intel(R) Battery Life Diagnostic Tool software to version 2.4.1 or later.

Details

CWE(s)
CWE-367
