SB2024121130 - Multiple vulnerabilities in Intel NUC Software Studio Service

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2024-23197)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.

2) Out-of-bounds write (CVE-ID: CVE-2024-34159)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

3) Improper access control (CVE-ID: CVE-2024-23498)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.

4) Buffer overflow (CVE-ID: CVE-2024-36483)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A local user can trigger memory corruption and cause a denial of service condition on the target system.

5) Improper Initialization (CVE-ID: CVE-2024-36297)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization. A local user can gain unauthorized access to sensitive information on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01185.html