Cyber Resilience

CVE-2024-36262

High

Published: 12 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0007 (20.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-36262 is a high-severity race condition (CWE-362) vulnerability in Intel firmware (vendor inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 20.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-36262 is a race condition vulnerability, classified under CWE-362, affecting some Intel System Security Report and System Resources Defense firmware. Published on 2025-02-12T22:15:34.110, it carries a CVSS v3.1 base score of 7.2 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high severity with potential for significant confidentiality and integrity impacts.

A privileged user with local access can exploit this race condition to potentially achieve escalation of privilege. The attack requires high privileges (PR:H) and local access (AV:L), has high attack complexity (AC:H), and needs no user interaction (UI:N). The scope is changed (S:C), so a successful exploit can affect resources beyond the vulnerable component, enabling elevated access without availability impact (A:N).

Intel has issued security advisory INTEL-SA-01203 at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html, which security practitioners should consult for detailed mitigation guidance and available firmware updates.

EU & UK References

Vulnerability details

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Race condition in firmware directly enables local privilege escalation via exploitation (matches T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8520 (Shared CWE-362)
CVE-2025-68960 (Shared CWE-362)
CVE-2026-21231 (Shared CWE-362)
CVE-2026-20921 (Shared CWE-362)
CVE-2026-35099 (Shared CWE-362)
CVE-2026-34334 (Shared CWE-362)
CVE-2024-40849 (Shared CWE-362)
CVE-2026-34351 (Shared CWE-362)
CVE-2025-48577 (Shared CWE-362)
CVE-2026-23169 (Shared CWE-362)

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the race condition vulnerability in Intel firmware through timely identification, prioritization, and application of vendor-provided updates.

prevent

Establishes and maintains secure configuration settings for firmware to ensure patched versions addressing the race condition are enforced.

prevent

Enforces least privilege to limit the number of users with the high privileges required to locally exploit the firmware race condition for escalation.

References