CVE-2024-28046

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel GPA software allows authenticated local users to escalate privileges by manipulating the software's search path. It affects users running vulnerable versions of Intel GPA software on their systems. Attackers could gain higher system permissions than intended.

💻 Affected Systems

Products:
  • Intel(R) Graphics Performance Analyzers (GPA)
Versions: All versions before 2024.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel GPA software to be installed and the user to have local authenticated access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could achieve full system compromise (SYSTEM/root access) by placing malicious DLLs in locations searched by Intel GPA software.

🟠 Likely Case

Local authenticated users could elevate privileges to install software, modify system settings, or access restricted data.

🟢 If Mitigated

With proper access controls and patching, impact is limited to denial of service or minimal privilege escalation.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local authenticated access and knowledge of DLL hijacking techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html

Restart Required: Yes

Instructions:

1. Download Intel GPA version 2024.1 or later from Intel's website
2. Uninstall previous versions
3. Install the updated version
4. Restart the system

🔧 Temporary Workarounds

Restrict DLL search path (Windows)

Configure system to restrict DLL search paths for Intel GPA executables

Use Windows Group Policy or AppLocker to restrict DLL loading
Set DLL search order to safe directories only

Remove vulnerable software (Windows)

Uninstall Intel GPA if not required

Control Panel > Programs > Uninstall Intel GPA
Or use: msiexec /x {Intel-GPA-Product-Code}

🧯 If You Can't Patch

  • Restrict local user access to systems with Intel GPA installed
  • Implement strict DLL whitelisting policies
  • Monitor for suspicious DLL loading events

🔍 How to Verify

Check if Vulnerable:

Check Intel GPA version in installed programs list or run 'gpa --version' from command line

Check Version:

gpa --version

Verify Fix Applied:

Verify installed version is 2024.1 or later and check that DLL search path vulnerabilities are mitigated

📡 Detection & Monitoring

Log Indicators:

  • DLL loading from unusual locations by GPA processes
  • Process creation with elevated privileges from GPA executables
  • Failed DLL loading attempts from restricted paths

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

Process creation where parent_process contains 'gpa' AND integrity_level changed
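
The first log indicator above ("DLL loading from unusual locations by GPA processes") can be turned into a concrete check. The following is an added example, not part of the advisory or of Intel's tooling. It assumes image-load events with the Image and ImageLoaded fields used by Sysmon Event ID 7; the install path, executable name and trusted-directory list are constructed placeholders.

```python
import ntpath

# Directories a DLL may legitimately load from; ASSUMED defaults, adjust per host.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
PROCESS_HINT = "gpa"  # mirrors the "contains 'gpa'" match in the query above


def _norm(path):
    """Lower-case and normalise a Windows path so '..' and case cannot hide it."""
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, root):
    """True when path equals root or lies below it (plain prefix match is unsafe)."""
    return path == root or path.startswith(root.rstrip("\\") + "\\")


def suspicious_loads(events):
    """Return image-load events where a GPA process loaded a DLL from outside
    its own install directory and outside the trusted system directories."""
    hits = []
    for ev in events:
        image = _norm(ev["Image"])
        loaded = _norm(ev["ImageLoaded"])
        if PROCESS_HINT not in ntpath.basename(image):
            continue  # not a GPA process
        allowed = (ntpath.dirname(image),) + TRUSTED_DIRS
        if not any(_is_under(loaded, root) for root in allowed):
            hits.append(ev)
    return hits


# CONSTRUCTED sample events; every path and file name is a placeholder.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Example\GPA\gpa-example.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": r"C:\Program Files\Example\GPA\gpa-example.exe",
     "ImageLoaded": r"C:\Program Files\Example\GPA\plugins\render.dll"},
    {"Image": r"C:\Program Files\Example\GPA\gpa-example.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\version.dll"},
    {"Image": r"C:\Program Files\Example\GPA\gpa-example.exe",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\x.dll"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\version.dll"},
]

if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print("ALERT", ev["Image"], "->", ev["ImageLoaded"])
```

This check treats the install directory as trusted, so it only holds if that directory is not writable by standard users; verify its ACLs separately.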
