Cyber Resilience

CVE-2024-38310

MediumLPE

Published: 12 February 2025

Published
12 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 12.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-38310 is a medium-severity Improper Access Control (CWE-284) vulnerability in Intel (inferred from references). Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-38310 is an improper access control vulnerability (CWE-284) affecting some Intel(R) Graphics Driver software installers. It allows an authenticated user to potentially enable escalation of privilege via local access. The vulnerability received a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability with a scope change.

An attacker with local access and low privileges, such as an authenticated user on the system, can exploit this vulnerability. Exploitation requires user interaction, but once triggered through the affected installer, it may allow the attacker to escalate privileges, potentially gaining higher-level access to the system.

For mitigation details, refer to Intel Security Advisory INTEL-SA-01235 at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html. The advisory provides guidance on patches and workarounds for affected Intel Graphics Driver software installers.

EU & UK References

Vulnerability details

Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via improper access control in installer directly matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-48898Shared CWE-284
CVE-2026-25176Shared CWE-284
CVE-2026-48899Shared CWE-284
CVE-2026-37526Shared CWE-284
CVE-2024-56883Shared CWE-284
CVE-2026-42823Shared CWE-284
CVE-2026-0844Shared CWE-284
CVE-2026-41086Shared CWE-284
CVE-2026-35242Shared CWE-284
CVE-2026-33834Shared CWE-284

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation and patching of the specific improper access control flaw in Intel Graphics Driver software installers to prevent privilege escalation.

prevent

Enforces least privilege for local authenticated users, directly limiting the potential impact of privilege escalation via the vulnerable installer.

prevent

Mandates enforcement of approved access control policies by system software, addressing the core improper access control (CWE-284) in the Intel Graphics Driver installers.

References