Cyber Resilience

CVE-2024-32941

Medium

Published: 12 February 2025

Modified: 15 April 2026
CVSS Score v4: 6.9 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0004 (13.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-32941 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Intel software (vendor inferred from references). Its CVSS v4 base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 13.1th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-32941 is a NULL pointer dereference vulnerability (CWE-476) affecting some Intel(R) MLC software versions before v3.11b. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H), indicating a high-severity issue primarily impacting availability.

An authenticated attacker with local access and low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation may enable denial of service (high availability impact), with potential low-level impacts to confidentiality and integrity; the changed scope (S:C) means the effects can extend beyond the vulnerable component.

Intel's Security Advisory INTEL-SA-01238 details mitigation steps, including updating to version v3.11b or later: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01238.html.

Vulnerability details

NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authenticated user to potentially enable denial of service via local access.

CWE(s)

CWE-476 (NULL Pointer Dereference)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

NULL pointer dereference enables local application exploitation leading to denial of service (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40413: Shared CWE-476
CVE-2025-57155: Shared CWE-476
CVE-2026-28390: Shared CWE-476
CVE-2026-23952: Shared CWE-476
CVE-2025-57156: Shared CWE-476
CVE-2025-63647: Shared CWE-476
CVE-2025-69624: Shared CWE-476
CVE-2024-55193: Shared CWE-476
CVE-2025-63648: Shared CWE-476
CVE-2026-25795: Shared CWE-476

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the NULL pointer dereference vulnerability by requiring timely patching of Intel MLC software to version v3.11b or later as specified in the advisory.

detect

Enables vulnerability scanning to identify systems running vulnerable versions of Intel MLC software for remediation.

prevent

Addresses poor error handling underlying the NULL pointer dereference that leads to denial of service by requiring secure error processing.
