CVE-2024-45371: Denial of Service in Intel(R) Arc™ & Iris(R) Xe graphics software

Medium
Published: Tue May 13 2025 (05/13/2025, 21:03:15 UTC)
Source: CVE
Vendor/Project: n/a
Product: Intel(R) Arc™ & Iris(R) Xe graphics software

Description

Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.

AI-Powered Analysis

Last updated: 07/06/2025, 16:26:18 UTC

Technical Analysis

CVE-2024-45371 is a medium-severity vulnerability affecting Intel(R) Arc™ and Iris(R) Xe graphics software versions prior to 32.0.101.6077. The flaw arises from improper access control within the graphics software, which an authenticated local user can exploit to trigger a denial of service (DoS) condition. Specifically, the vulnerability allows a user with low privileges to cause the graphics driver or associated software components to become unresponsive or crash, disrupting the availability of graphics processing on the affected system.

The attack vector requires local access with authentication, meaning an attacker must already have some level of user access to the system. User interaction is also required to trigger the vulnerability. The CVSS 4.0 base score of 5.2 reflects these factors: local attack vector, low attack complexity, no need for elevated privileges beyond authenticated user, and no requirement for user interaction beyond the attacker’s own actions. The vulnerability does not impact confidentiality or integrity; it primarily affects availability, potentially causing system instability or crashes related to graphics processing.

No known exploits are currently reported in the wild, and no official patches or mitigation links are provided in the source data, though it is expected that Intel will release or has released updates to address this issue in version 32.0.101.6077 or later. This vulnerability is relevant for systems using Intel Arc or Iris Xe graphics software, which are commonly found in modern laptops, desktops, and workstations that rely on Intel integrated or discrete graphics solutions.

Potential Impact

For European organizations, the primary impact of CVE-2024-45371 is the potential disruption of workstation and endpoint availability due to graphics driver crashes or instability. This can affect productivity, especially in sectors relying heavily on graphical applications such as design, engineering, media production, and scientific research. While the vulnerability does not allow data theft or system takeover, denial of service conditions can lead to operational downtime and increased support costs. In environments with shared or multi-user systems, an authenticated user could intentionally or accidentally cause service interruptions affecting other users. Additionally, organizations with strict uptime requirements or those using Intel graphics in critical infrastructure or industrial control systems may face operational risks. The requirement for local authenticated access limits remote exploitation risk, but insider threats or compromised user accounts could leverage this vulnerability. Given the widespread use of Intel graphics in European corporate and consumer devices, the vulnerability has a broad potential impact, though it is not a critical threat to confidentiality or integrity.

Mitigation Recommendations

To mitigate CVE-2024-45371, European organizations should:

1) Ensure all systems using Intel Arc or Iris Xe graphics software are updated to version 32.0.101.6077 or later, applying the latest Intel graphics driver updates as soon as they become available.
2) Implement strict access controls and user privilege management to minimize the number of users with authenticated local access, reducing the risk of exploitation by unauthorized or low-privilege users.
3) Monitor endpoint stability and logs for signs of graphics driver crashes or unusual behavior that could indicate exploitation attempts.
4) Educate users about the risks of running untrusted applications or scripts that might trigger the vulnerability.
5) In sensitive environments, consider isolating or restricting access to systems with Intel graphics drivers until patches are applied.
6) Employ endpoint detection and response (EDR) tools capable of detecting anomalous local activity related to graphics driver failures.

These steps go beyond generic advice by focusing on controlling local access, timely patching, and monitoring for specific instability symptoms related to the graphics software.
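For the first recommendation, the following added example (not code from this page or from Intel) flags Intel Arc and Iris Xe adapters whose driver is older than 32.0.101.6077. It assumes Windows endpoints and the `Name` and `DriverVersion` properties of `Win32_VideoController`; the function name `Test-IntelGraphicsDriver` and the sample inventory are hypothetical.

```powershell
# Added example, not vendor code. The fixed version comes from the advisory text.
$FixedVersion = [version]'32.0.101.6077'

function Test-IntelGraphicsDriver {
    # Accepts objects with Name and DriverVersion properties (the shape of
    # Win32_VideoController) and classifies each Intel Arc / Iris Xe adapter.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Adapter
    )
    process {
        # Ignore adapters the advisory does not cover (other vendors, other families).
        if ($Adapter.Name -notmatch 'Intel.*(Arc|Iris.*Xe)') { return }

        # A missing or malformed version string is reported, not silently passed.
        $parsed = $null
        $ok = [version]::TryParse([string]$Adapter.DriverVersion, [ref]$parsed)
        if (-not $ok) {
            $status = 'Unparseable'
        } elseif ($parsed -lt $FixedVersion) {
            $status = 'Vulnerable'
        } else {
            $status = 'Fixed'
        }

        [pscustomobject]@{
            Name          = $Adapter.Name
            DriverVersion = $Adapter.DriverVersion
            Status        = $status
        }
    }
}

# Constructed sample inventory (not real hosts). On a live endpoint use:
#   Get-CimInstance Win32_VideoController | Test-IntelGraphicsDriver
$sample = @(
    [pscustomobject]@{ Name = 'Intel(R) Iris(R) Xe Graphics';   DriverVersion = '31.0.101.5590' }
    [pscustomobject]@{ Name = 'Intel(R) Arc(TM) A770 Graphics'; DriverVersion = '32.0.101.6077' }
    [pscustomobject]@{ Name = 'Intel(R) Arc(TM) A380 Graphics'; DriverVersion = '' }
    [pscustomobject]@{ Name = 'Example Vendor Display Adapter'; DriverVersion = '1.2.3.4' }
)
$sample | Test-IntelGraphicsDriver | Format-Table -AutoSize
```

The comparison is numeric per version component, so a driver on an older branch such as the constructed `31.0.101.5590` is reported as vulnerable, matching the advisory's "before version 32.0.101.6077" wording.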

Technical Details

Data Version: 5.1
Assigner Short Name: intel
Date Reserved: 2024-09-19T03:00:23.018Z
Cisa Enriched: true
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 682cd0fc1484d88663aecad7

Added to database: 5/20/2025, 6:59:08 PM

Last enriched: 7/6/2025, 4:26:18 PM

Last updated: 7/31/2025, 8:24:52 AM
