Marius Gabriel Mihai

**Name of the Vulnerable Software and Affected Versions** Intel(R) Graphics Driver versions 15.40 through 15.45 **Description** The issue is related to an uncontrolled search path in the Intel(R) Graphics Driver installers, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions 15.40 and 15.45, update to a version that fixes the uncontrolled search path issue to prevent potential escalation of privilege. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console software for all versions **Description** The issue is related to an uncontrolled search path element in the Intel(R) RAID Web Console software. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For all versions, consider restricting local access to the Intel(R) RAID Web Console software until a fix is available. As a temporary workaround, review and limit the search path elements to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Repository Manager versions 3.4.2 and earlier **Description** A local low privileged attacker may potentially exploit a Local Privilege Escalation Vulnerability in the Installation module, leading to the execution of arbitrary executables on the operating system with high privileges. This exploitation may result in the unavailability of the service. **Recommendations** For Dell Repository Manager versions 3.4.2 and earlier, patch immediately to prevent privilege escalation and unauthorized access. As a temporary workaround, consider restricting access to the Installation module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Endurance Gaming Mode software versions prior to 1.3.937.0 **Description** The issue is related to incorrect default permissions in some software installers, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 1.3.937.0, update to version 1.3.937.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) PM software (affected versions not specified) **Description** The issue is related to improper authorization in some Intel(R) PM software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could be exploited by an attacker to gain higher privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SUR for Gameplay Software versions prior to 2.0.1901 **Description** The issue is related to an uncontrolled search path in the Intel System Usage Report software, which may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.0.1901, update to version 2.0.1901 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Optane(TM) PMem 100 Series Management Software versions prior to 01.00.00.3547 **Description** The issue is related to improper access control in the Intel(R) Optane(TM) PMem 100 Series Management Software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This is due to deficiencies in access control, which can be exploited by an attacker to elevate their privileges. **Recommendations** For versions prior to 01.00.00.3547, update to version 01.00.00.3547 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SUR for Gameplay Software versions prior to 2.0.1901 **Description** The issue is related to incorrect default permissions in the Intel(R) SUR for Gameplay Software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could lead to a user gaining higher privileges than intended. **Recommendations** For versions prior to 2.0.1901, update to version 2.0.1901 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Optane(TM) PMem software versions prior to 01.00.00.3547 Intel(R) Optane(TM) PMem software versions prior to 02.00.00.3915 Intel(R) Optane(TM) PMem software versions prior to 03.00.00.0483 **Description** The issue is related to improper access control in some Intel(R) Optane(TM) PMem software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This vulnerability affects Intel Optane PMem 100 Series, Intel Optane PMem 200 Series, and Intel Optane PMem 300 Series. **Recommendations** For versions prior to 01.00.00.3547, update to version 01.00.00.3547 or later. For versions prior to 02.00.00.3915, update to version 02.00.00.3915 or later. For versions prior to 03.00.00.0483, update to version 03.00.00.0483 or later.

**Name of the Vulnerable Software and Affected Versions** Dell Display Manager version 2.1.1.17 **Description** The Dell Display Manager application contains an issue that allows a low-privilege user to execute malicious code during the installation and uninstallation processes. **Recommendations** For Dell Display Manager version 2.1.1.17, consider restricting installation and uninstallation privileges to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Dell Display Manager versions 2.1.1.17 and prior **Description** The issue is related to an insecure operation on Windows junction/mount points in the Dell Display Manager application. A local malicious user could potentially exploit this during installation, leading to arbitrary folder or file deletion. The vulnerability is associated with incorrect link resolution before accessing a file, which could allow an attacker to delete arbitrary files. **Recommendations** For versions 2.1.1.17 and prior, consider restricting access to the Dell Display Manager application during installation to minimize the risk of exploitation. As a temporary workaround, avoid using the application until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) QAT drivers for Windows - HW Version 2.0 versions prior to 2.0.4 **Description** The issue is related to improper authorization in Intel(R) QAT drivers, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC Uniwill Service Driver version 1.0.1.6 and earlier **Description** The issue allows an authenticated user to potentially enable escalation of privilege via local access due to path transversal in the Intel(R) NUC Uniwill Service Driver installation software. **Recommendations** For versions prior to 1.0.1.7, update to version 1.0.1.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel Battery Life Diagnostic Tool versions prior to 2.2.1 **Description** The issue is related to improper authorization in the installation software of the Intel Battery Life Diagnostic Tool. This may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel Arc RGB Controller versions prior to 1.06 **Description** The issue is related to incorrect default permissions in the software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 1.06, update to version 1.06 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RealSense(TM) Dynamic Calibration software versions prior to 2.13.1.0 **Description** The issue is related to an uncontrolled search path element in the software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.13.1.0, update to version 2.13.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software versions prior to 1.0.10.3 **Description** The issue allows an authenticated user to potentially enable escalation of privilege via local access due to path transversal in the USB Type C power delivery controller installation software. **Recommendations** For versions prior to 1.0.10.3, update the USB Type C power delivery controller installation software to version 1.0.10.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC P14E Laptop Element Audio Install Package software versions prior to 156 for Windows **Description** The issue concerns path transversal in the Intel(R) NUC P14E Laptop Element Audio Install Package software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 156, update to version 156 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server Information Retrieval Utility versions prior to 16.0.9 **Description** The issue is related to an uncontrolled search path element in the Intel(R) Server Information Retrieval Utility software. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 16.0.9, update to version 16.0.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) VROC software versions prior to 8.0.0.4035 **Description** The issue is related to improper access control in Intel(R) VROC software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 8.0.0.4035, update to version 8.0.0.4035 or later to resolve the issue.