Cyber Resilience

CVE-2024-39356

High

Published: 12 February 2025

Modified: 15 April 2026
CVSS Score (v4): 7.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0006 (17.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-39356 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability affecting Intel (vendor inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 17.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-39356 is a NULL pointer dereference vulnerability, classified under CWE-476, affecting Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows in versions prior to 23.80. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), indicating high severity primarily due to its potential for significant availability impact with a changed scope.

An unauthenticated attacker with adjacent network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation may enable a denial of service condition on the affected system.

Intel's security advisory at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html addresses this issue, with mitigation achieved by updating the affected software to version 23.80 or later.

Vulnerability details

NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CWE(s)

CWE-476: NULL Pointer Dereference

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A NULL pointer dereference in the WiFi driver enables remote adjacent-network exploitation, causing endpoint DoS via an application or system crash.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40413 (Shared CWE-476)
CVE-2025-57155 (Shared CWE-476)
CVE-2026-28390 (Shared CWE-476)
CVE-2026-23952 (Shared CWE-476)
CVE-2025-57156 (Shared CWE-476)
CVE-2025-63647 (Shared CWE-476)
CVE-2025-69624 (Shared CWE-476)
CVE-2024-55193 (Shared CWE-476)
CVE-2025-63648 (Shared CWE-476)
CVE-2026-25795 (Shared CWE-476)

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely flaw remediation through updating the vulnerable Intel PROSet/Wireless WiFi software to version 23.80 or later.

prevent · detect

Vulnerability scanning detects systems with vulnerable WiFi software versions and supports remediation to prevent exploitation.

prevent

Limits the effects of denial-of-service attacks triggered by the NULL pointer dereference in the WiFi software.
