CVE-2024-41917
Published: 12 February 2025
Summary
CVE-2024-41917 is a medium-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability affecting Intel software (vendor inferred from references). Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 20.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-41917 is a time-of-check time-of-use (TOCTOU) race condition vulnerability, classified under CWE-367, affecting Intel(R) Battery Life Diagnostic Tool software versions before 2.4.1. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, low privileges required, user interaction needed, and changed scope leading to high impacts on confidentiality, integrity, and availability.
An authenticated user with local access and low privileges can potentially exploit this race condition to achieve escalation of privilege. The high complexity and requirement for user interaction limit feasibility, but success grants elevated access on the affected system.
Intel's security advisory INTEL-SA-01230, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01230.html, addresses this issue. The mitigation is to update the Intel(R) Battery Life Diagnostic Tool software to version 2.4.1 or later.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4949
Vulnerability details
Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CWE(s): CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A TOCTOU race condition in a local diagnostic tool directly enables local privilege escalation through exploitation of a software vulnerability.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the TOCTOU race condition by requiring timely identification, reporting, and correction of the flaw through patching to Intel Battery Life Diagnostic Tool version 2.4.1 or later.
Limits the impact of privilege escalation from low-privilege authenticated users by ensuring processes and users operate with minimal necessary privileges.
Reduces exploitation risk by configuring systems to provide only essential capabilities and prohibiting or restricting non-essential software like the vulnerable diagnostic tool.