CVE-2024-39279 — Insufficient Granularity of Access Control in Intel-microcode

CWE-1220 — Insufficient Granularity of Access Control9 documents6 sources

Severity

6.8MEDIUMNVD

OSV5.6

EPSS

0.0%

top 93.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Intel-microcode

Timeline

PublishedFeb 12

Latest updateFeb 24

Description

Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages1 packages

▶debiandebian/intel-microcode< intel-microcode 3.20250211.1~deb12u1 (bookworm)

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2025-02-24

▶

OSV

intel-microcode vulnerabilities↗2025-02-17

▶

GHSA

GHSA-pw2v-hvc7-4w3q: Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of↗2025-02-13

▶

OSV

CVE-2024-39279: Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of↗2025-02-12

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2025-02-24

▶

Ubuntu

Intel Microcode vulnerabilities↗2025-02-17

▶

Red Hat

microcode_ctl: Insufficient granularity of access control in UEFI firmware↗2025-02-12

▶

Debian

CVE-2024-39279: intel-microcode - Insufficient granularity of access control in UEFI firmware in some Intel(R) pro...↗2024

▶