CVE-2024-38310
Published: 12 February 2025
Summary
CVE-2024-38310 is a medium-severity Improper Access Control (CWE-284) vulnerability in Intel software (vendor inferred from references). Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 12.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-38310 is an improper access control vulnerability (CWE-284) affecting some Intel(R) Graphics Driver software installers. It allows an authenticated user to potentially enable escalation of privilege via local access. The vulnerability received a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability with a scope change.
An attacker with local access and low privileges, such as an authenticated user on the system, can exploit this vulnerability. Exploitation requires user interaction, but once triggered through the affected installer, it may allow the attacker to escalate privileges, potentially gaining higher-level access to the system.
For mitigation details, refer to Intel Security Advisory INTEL-SA-01235 at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html. The advisory provides guidance on patches and workarounds for affected Intel Graphics Driver software installers.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4941
Vulnerability details
Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
- CWE(s): CWE-284 (Improper Access Control)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local privilege escalation via improper access control in the installer directly matches Exploitation for Privilege Escalation (T1068).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Requires timely remediation and patching of the specific improper access control flaw in Intel Graphics Driver software installers to prevent privilege escalation.
Enforces least privilege for local authenticated users, directly limiting the potential impact of privilege escalation via the vulnerable installer.
Mandates enforcement of approved access control policies by system software, addressing the core improper access control (CWE-284) in the Intel Graphics Driver installers.