DEBIAN-CVE-2024-24582

DEBIAN-CVE-2024-24582 PUBLISHED CVSS 8.699999809265137 HIGH

Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products

Vendor	Product	Versions
Debian:11	intel-microcode	3.20220510.1, 3.20201110.1, *
Debian:12	intel-microcode	3.20200609.1, 0.20100826-1, 0
Debian:14	intel-microcode	0.20100914-1, 0, 0.20080401-1
Debian:13	intel-microcode	0.20080910-2, ,

Timeline

Feb 12, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-24582 advisory

Open in Interactive Console →