Re:ICLS Client CVE-2024-5535

Mat9 · ‎12-03-2024

The Intel ICLS Client driver product seems to be vulnerable to CVE-2024-5535.

This product is installed on several Dell Precision laptops.

Path to the vulnerable component:

C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_*\lib\libssl-3-x64.dll

For SSL to be vulnerable, two conditions must be met:

The OpenSSL version is lesser than 3.0.15
The application is able to call the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer

Please suggest whether Intel released patched versions for the ICLS Client or if this vulnerability has been mitigated.

Thank you very much.

JedG_Intel · ‎12-22-2024

Hello Mat9,

Thank you for posting on Intel Community Forum.

Please provide the processor model used on the laptops. Once provided, I'll be checking this internally.

I look forward to your response!

Best regards,

Jed G.

Intel Customer Support Technician

Mat9 · ‎12-23-2024

Hello JedG.

Please see below:

Dell Precision M5520	Intel i7-7820HQ (Quad Core HT, 8MB Cache, 2.90GHz)
Dell Precision M5530	Intel Core i7-8850H Six Core 2.60GHz, 4.30 GHz Turbo, 9MB 45W
Dell Precision M5540	Intel Core i7-9850H Six Core 2.60GHz, 4.60 GHz Turbo, 12MB 45W
Dell Mobile Precision 7550 CTO BASE	Intel Core i7-10850H Six Core 2.70GHz 5.10Ghz Turbo, 12MB 45W
Dell Latitude 5530	12th Gen Intel® Core™ i5-1245U 1.6GHz
HP Elite Dragonfly 13.5 inch G3 Notebook PC	12th Gen Intel(R) Evo Core(TM) i7-1265U 1782 MHz
HP Z2 Mini G9	Intel i9-12900K 16C 3.20 125W

Thank you!

DouglasR · ‎12-23-2024

Hi there. I see so many threads regarding this CVE and others with OpenSSL vulnerabilities at these paths

c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\libcrypto-3-x64.dll

c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\libssl-3-x64.dll

Related to the iCLS Client Driver version 1.71.99.00.

Have I missed something? Is there not an updated driver for this yet?

JedG_Intel · ‎12-25-2024

Hi Mat9,

Thank you for sharing this information. I will now check this internally and I'll give you an update as soon as possible.

Best regards,

Jed G.

Intel Customer Support Technician

JedG_Intel · ‎12-26-2024

Hi Mat9,

I have reviewed your concern internally and to report a vulnerability, please send an email to secure@intel.com.

For detailed instructions, please refer to this - How Do I Report Security and Vulnerability Issues Related to Intel® Products?

I hope this addresses your concern. Should you have any further questions, please feel free to reach out.

Best regards,

Jed G.

Intel Customer Support Technician

JedG_Intel · ‎01-02-2025

Hello Mat9,

I wanted to check if you had the chance to check the information I posted. Should you have other questions, please let me know.

Best regards,

Jed G.

Intel Customer Support Technician

Mat9 · ‎01-03-2025

Hello JedG.

Thank you for sharing the contact details!

Hopefully, the PSIRT can help.

JedG_Intel · ‎01-06-2025

Hi Mat9,

I really hope for the best too and I'm glad that I was able to share this information with you. Please advise if I can close this inquiry or if you have other questions so I could continue accordingly.

Best regards,

Jed G.

Intel Customer Support Technician

JedG_Intel · ‎01-12-2025

Hi Mat9,

I have not heard back from you so I will close this inquiry now. If you need further assistance, please submit a new question as this thread will no longer be monitored.

Best regards,

Jed G.

Intel Customer Support Technician