CVE-2024-36262
Published: 12 February 2025
Summary
CVE-2024-36262 is a high-severity Race Condition (CWE-362) vulnerability in an Intel product (vendor inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 20.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-36262 is a race condition vulnerability, classified under CWE-362, affecting some Intel System Security Report and System Resources Defense firmware. Published on 2025-02-12T22:15:34.110, it carries a CVSS v3.1 base score of 7.2 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high severity with potential for significant confidentiality and integrity impacts.
A privileged user with local access can exploit this race condition to potentially achieve escalation of privilege. The attack requires high privileges (PR:H), a local attack vector (AV:L), and high attack complexity (AC:H), with no user interaction (UI:N) needed. The scope is changed (S:C), so the impact can extend beyond the vulnerable component; confidentiality and integrity impact are high, with no availability impact (A:N).
Intel has issued security advisory INTEL-SA-01203 at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html, which security practitioners should consult for detailed mitigation guidance and available firmware updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4950
Vulnerability details
Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
- CWE(s): CWE-362 (Race Condition)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Race condition in firmware directly enables local privilege escalation via exploitation (matches T1068).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly remediates the race condition vulnerability in Intel firmware through timely identification, prioritization, and application of vendor-provided updates.
Establishes and maintains secure configuration settings for firmware to ensure patched versions addressing the race condition are enforced.
Enforces least privilege to limit the number of users with the high privileges required to locally exploit the firmware race condition for escalation.