Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-0004 |
CWE-ID | CWE-254 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
10th Generation Intel Core Processors Hardware solutions / Firmware 11th Generation Intel Core Processors Hardware solutions / Firmware 12th Generation Intel Core Processors Hardware solutions / Firmware Intel Celeron Processor 4000 Series Hardware solutions / Firmware Intel Celeron Processor 6000 Series Hardware solutions / Firmware Intel Celeron processor J3000/N3000 series Hardware solutions / Firmware Intel Celeron J4000 Processors Hardware solutions / Firmware Intel Celeron N4000 Processors Hardware solutions / Firmware Intel Celeron Processor N Series Hardware solutions / Firmware Intel Atom Processor P5000 Series Hardware solutions / Firmware Intel Atom processor X E3900 series Hardware solutions / Firmware Intel Atom Processor x6000E Series Hardware solutions / Firmware Intel Celeron Processor J Series Hardware solutions / Firmware Intel 100 Series Chipset Hardware solutions / Firmware Intel 200 Series Chipset Hardware solutions / Firmware Intel 300 Series Chipset Hardware solutions / Firmware Intel 400 Series Chipset Hardware solutions / Firmware Intel C230 series chipset Hardware solutions / Firmware Intel C240 Series Chipset Hardware solutions / Firmware Intel C250 Series Chipset Hardware solutions / Firmware Intel C420 Chipset Hardware solutions / Firmware Intel C620 Series Chipset Hardware solutions / Firmware Intel C620A Series Chipset Hardware solutions / Firmware Intel Core i5 L16G7 Hardware solutions / Firmware Intel Core i3 L13G4 Hardware solutions / Firmware Intel Pentium Processor J4000 Series Hardware solutions / Firmware Intel Pentium Processor N4000 Series Hardware solutions / Firmware Intel Pentium Silver J5000 Processor Hardware solutions / Firmware Intel Pentium Silver N5000 Processors Hardware solutions / Firmware Intel X299 Chipset Hardware solutions / Firmware Intel Xeon D Processor 2000 Series Hardware solutions / Firmware Intel Xeon W Processor 1300 Series Hardware solutions / Firmware Intel Pentium Gold Processor Series Hardware solutions / Firmware Pentium Gold processor series (G54XXU) Hardware solutions / Firmware Intel Pentium Processor Silver Series Hardware solutions / Firmware Intel Pentium Processor J Series Hardware solutions / Other hardware appliances Intel Pentium Processor N Series Hardware solutions / Other hardware appliances |
Vendor | Intel |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU63503
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0004
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to hardware debug modes and processor INIT setting allow to override of locks for some Intel Processors in Intel Boot Guard and Intel Trusted Execution Technology. An unauthenticated attacker with physical access to the system can bypass implemented security restrictions and escalate privileges on the system.
The vulnerability can be also exploited remotely by an authenticated attacker on the local network.
Install updates from vendor's website.
Vulnerable software versions10th Generation Intel Core Processors: All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
Intel Celeron Processor 4000 Series: All versions
Intel Celeron Processor 6000 Series: All versions
Intel Celeron processor J3000/N3000 series: All versions
Intel Celeron J4000 Processors: All versions
Intel Celeron N4000 Processors: All versions
Intel Celeron Processor N Series: All versions
Intel Atom Processor P5000 Series: All versions
Intel Atom processor X E3900 series: All versions
Intel Atom Processor x6000E Series: All versions
Intel Celeron Processor J Series: All versions
Intel Pentium Processor J Series: All versions
Intel Pentium Processor N Series: All versions
Intel 100 Series Chipset: All versions
Intel 200 Series Chipset: All versions
Intel 300 Series Chipset: All versions
Intel 400 Series Chipset: All versions
Intel C230 series chipset: All versions
Intel C240 Series Chipset: All versions
Intel C250 Series Chipset: All versions
Intel C420 Chipset: All versions
Intel C620 Series Chipset: All versions
Intel C620A Series Chipset: All versions
Intel Core i5 L16G7: All versions
Intel Core i3 L13G4: All versions
Intel Pentium Processor J4000 Series: All versions
Intel Pentium Processor N4000 Series: All versions
Intel Pentium Silver J5000 Processor: All versions
Intel Pentium Silver N5000 Processors: All versions
Intel X299 Chipset: All versions
Intel Xeon D Processor 2000 Series: All versions
Intel Xeon W Processor 1300 Series: All versions
Intel Pentium Gold Processor Series: All versions
Pentium Gold processor series (G54XXU): All versions
Intel Pentium Processor Silver Series: All versions
CPE2.3http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00613.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.