Cyber Posture

CVE-2024-31858

High

Published: 12 February 2025

Modified: 03 December 2025
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-31858 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Intel QuickAssist Technology. Its CVSS base score is 7.8 (High).

Operationally, it ranks at the 30.6th percentile by exploit likelihood, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mitigates the out-of-bounds write vulnerability by requiring timely remediation through patching to Intel QuickAssist Technology software version 2.2.0 or later.

prevent

Implements memory protection techniques such as address space layout randomization and data execution prevention to block exploitation of the out-of-bounds write for privilege escalation.

prevent

Limits the privileges of the authenticated low-privilege user, reducing the attack surface and potential impact of successful local exploitation.

NVD Description

Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Deeper analysis [AI]

CVE-2024-31858 is an out-of-bounds write vulnerability (CWE-787) in Intel QuickAssist Technology software versions prior to 2.2.0. The affected software component is used for hardware-accelerated cryptographic and data compression/decompression tasks. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential impact on confidentiality, integrity, and availability.

An authenticated user with low privileges can exploit this vulnerability via local access. The attack requires low complexity and no user interaction, allowing the attacker to potentially escalate privileges on the affected system.

Intel's security advisory (INTEL-SA-01124) details the issue and mitigation steps, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html. Updating to Intel QuickAssist Technology software version 2.2.0 or later addresses the vulnerability.

Details

CWE(s)

Affected Products

intel · quickassist technology · ≤ 2.2.0-0012

CVEs Like This One

CVE-2024-29223 - Same product: Intel QuickAssist Technology
CVE-2025-24299 - Same vendor: Intel
CVE-2025-20890 - Shared CWE-787
CVE-2019-25681 - Shared CWE-787
CVE-2026-23715 - Shared CWE-787
CVE-2025-21161 - Shared CWE-787
CVE-2026-21327 - Shared CWE-787
CVE-2025-21042 - Shared CWE-787
CVE-2026-3094 - Shared CWE-787
CVE-2026-27703 - Shared CWE-787
