CVE-2024-32941
Published: 12 February 2025
Summary
CVE-2024-32941 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Intel software (vendor inferred from references). Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 13.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2024-32941 is a NULL pointer dereference vulnerability (CWE-476) affecting some Intel(R) MLC software versions before v3.11b. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H), indicating a high-severity issue primarily impacting availability.
An authenticated attacker with local access and low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation may enable denial of service, with potential low-level impacts to confidentiality and integrity due to the changed scope.
Intel's Security Advisory INTEL-SA-01238 details mitigation steps, including updating to version v3.11b or later: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01238.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4957
Vulnerability details
NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authenticated user to potentially enable denial of service via local access.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
NULL pointer dereference enables local application exploitation leading to denial of service (T1499.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the NULL pointer dereference vulnerability by requiring timely patching of Intel MLC software to version v3.11b or later as specified in the advisory.
Enables vulnerability scanning to identify systems running vulnerable versions of Intel MLC software for remediation.
Addresses poor error handling underlying the NULL pointer dereference that leads to denial of service by requiring secure error processing.