Key Information

Intel ID: INTEL-SA-01326
Advisory Category: Software
Impact of Vulnerability: Escalation of Privilege, Denial of Service
Severity Rating: MEDIUM
Original Release: 08/12/2025
Last Revised: 08/12/2025

Summary

Potential security vulnerabilities in the TinyCBOR library maintained by Intel may allow elevation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details

CVE-2025-24302
- Description: Uncontrolled recursion for some TinyCBOR libraries maintained by Intel before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVSS Base Score 3.1: 6.7 Medium
- CVSS Vector 3.1: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
- CVSS Base Score 4.0: 5.4 Medium
- CVSS Vector 4.0: AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-24303
- Description: Uncontrolled recursion for some TinyCBOR libraries maintained by Intel before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access.
- CVSS Base Score 3.1: 4.4 Medium
- CVSS Vector 3.1: AV:L/AC:H/PR:L/UI:R/S:C/N/A/H
- CVSS Base Score 4.0: 4.1 Medium
- CVSS Vector 4.0: AV:L/AC:H/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

TinyCBOR library maintained by Intel before version 0.6.1.

Recommendation

Intel recommends updating the TinyCBOR library maintained by Intel to version 0.6.1 or later. Updates are available for download at this location: https://github.com/intel/tinycbor/releases
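
CBOR arrays, maps and tags can nest to arbitrary depth, which is what a recursive decoder descends into. The following is an added example, not TinyCBOR code and not Intel's fix: an iterative pre-check that rejects input nested beyond an assumed limit before it reaches a decoder. The names `cbor_depth_check`, `CBOR_MAX_DEPTH` and `INDEFINITE` and the limit of 16 are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define CBOR_MAX_DEPTH 16       /* assumed policy limit, not a TinyCBOR constant */
#define INDEFINITE UINT64_MAX   /* marks a container that ends with a break byte */
/* Walks one CBOR item without recursion. Returns 0 if nesting stays within
 * CBOR_MAX_DEPTH, -1 if truncated or malformed, -2 if nested too deeply. */
int cbor_depth_check(const uint8_t *buf, size_t len)
{
    uint64_t remaining[CBOR_MAX_DEPTH];   /* items still expected per open container */
    size_t depth = 0, pos = 0;
    for (;;) {
        if (pos >= len) return -1;
        uint8_t ib = buf[pos++], major = ib >> 5, ai = ib & 0x1f;
        uint64_t arg = ai, children = 0;
        if (ib == 0xff) {                 /* break: must close an indefinite container */
            if (depth == 0 || remaining[--depth] != INDEFINITE) return -1;
        } else {
            if (ai >= 24 && ai <= 27) {   /* 1, 2, 4 or 8 argument bytes follow */
                size_t n = (size_t)1 << (ai - 24);
                if (len - pos < n) return -1;
                for (arg = 0; n > 0; n--) arg = (arg << 8) | buf[pos++];
            } else if (ai >= 28 && (ai != 31 || major < 2 || major > 5)) return -1;
            if (ai == 31) children = INDEFINITE;     /* chunked strings count too */
            else if (major == 2 || major == 3) {     /* string payload: skip it */
                if (len - pos < arg) return -1;
                pos += (size_t)arg;
            } else if (major == 4 || major == 5) {   /* array: n items, map: 2n */
                if (arg > (len - pos) / (major - 3u)) return -1;
                children = arg * (major - 3u);
            } else if (major == 6) children = 1;     /* a tag wraps exactly one item */
            if (children) {
                if (depth == CBOR_MAX_DEPTH) return -2;
                remaining[depth++] = children;
                continue;
            }
        }
        /* an item just ended: close every definite container it completes */
        while (depth && remaining[depth - 1] != INDEFINITE && --remaining[depth - 1] == 0)
            depth--;
        if (depth == 0) return 0;
    }
}

int main(void)
{
    uint8_t deep[64] = { 0 };       /* constructed: 63 nested one-element arrays */
    memset(deep, 0x81, 63);
    return cbor_depth_check(deep, sizeof deep) == -2 ? 0 : 1;
}
```

The walker stops after the first complete item and bounds nesting depth only; it does not validate chunk types, map pairing or trailing bytes. It complements, rather than replaces, the update to version 0.6.1 or later.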