CVE-2024-39606

Vulnerability

Overview

CVE-2024-39606 is an improper input validation vulnerability in Intel PROSet/Wireless WiFi and Killer WiFi software for Windows prior to version 23.80. The Intel security advisory (INTEL-SA-01224) describes the root cause as insufficient validation of user-supplied input, which can be triggered from within radio range of the affected system [1].

Exploitation

Conditions

An unauthenticated attacker with adjacent network access—meaning within physical proximity to the wireless range—can exploit this flaw without requiring any prior authentication or user interaction. The attack complexity is low, and the only prerequisite is that the target device has a vulnerable version of the software installed [1].

Impact

Successful exploitation leads to a denial of service (DoS) condition, potentially causing the wireless software to crash or become unresponsive. This would disrupt network connectivity for the affected system until the software is restarted or the system reboots [1].

Mitigation

Status

Intel has addressed the vulnerability by releasing version 23.80 of the software. Users are advised to update their drivers to the latest version available through Intel's support channels. No workarounds have been published, and the vulnerability is not currently known to be exploited in the wild per the advisory [1].