Skip to main content

Quickassist Technology CVE-2024-31858

HIGH
Out-of-bounds Write (CWE-787)
2025-02-12 secure@intel.com
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:26 vuln.today
Patch released
Mar 28, 2026 - 18:26 nvd
Patch available
CVE Published
Feb 12, 2025 - 22:15 nvd
HIGH 7.3

DescriptionCVE.org

Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

AnalysisAI

Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Affected products include: Intel Quickassist Technology. Version information: version 2.2.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2023-32641 HIGH
8.8 Nov 14

Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privi

CVE-2023-28741 HIGH
7.8 Nov 14

Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated

CVE-2023-28740 HIGH
7.8 Nov 14

Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allo

CVE-2020-12333 HIGH
7.8 Nov 12

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticate

CVE-2018-12193 MEDIUM
5.5 Oct 10

Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an u

CVE-2024-29223 MEDIUM
5.4 Feb 12

Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticat

CVE-2024-31153 MEDIUM
5.1 Feb 12

Improper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authentica

CVE-2025-33000 HIGH
7.3 Nov 11

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications ma

CVE-2025-32732 MEDIUM
5.8 Nov 11

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vuln

CVE-2025-32446 MEDIUM
6.8 Nov 11

Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Ap

CVE-2025-32088 MEDIUM
4.8 Nov 11

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8),

CVE-2025-31937 MEDIUM
5.7 Nov 11

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No ven

Share

CVE-2024-31858 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy