CVE-2024-39279: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-39279 is a security vulnerability discovered in UEFI firmware affecting certain Intel processors. The vulnerability was disclosed on February 12, 2025, and involves insufficient granularity of access control that could potentially enable denial of service attacks. The issue specifically affects authenticated users who have local access to the system (NVD, Intel Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 6.8 (Medium) with the vector string CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H. Under CVSS v3.1, it received a base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The vulnerability is classified under CWE-1220 (Insufficient Granularity of Access Control) (NVD).

When exploited, this vulnerability can lead to denial of service conditions in affected systems. The attack requires local access and authenticated user privileges, limiting its potential impact to scenarios where an attacker has already gained some level of system access (NVD).

Intel has released microcode updates as part of the INTEL-SA-01139 advisory to address this vulnerability. The fixes are included in the microcode update package released on February 11, 2025 (Intel Microcode).