Privilege escalation in Intel NUC 9 Extreme Laptop Kit



Published: 2022-08-11
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-21229
CWE-ID CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
NUC 9 Extreme Laptop Kit - LAPQC71B
Hardware solutions / Drivers

NUC 9 Extreme Laptop Kit - LAPQC71D
Hardware solutions / Drivers

NUC 9 Extreme Laptop Kit - LAPQC71C
Hardware solutions / Drivers

NUC 9 Extreme Laptop Kit - LAPQC71A
Hardware solutions / Drivers

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU66411

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21229

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NUC 9 Extreme Laptop Kit - LAPQC71B: before 2.2.0.22

NUC 9 Extreme Laptop Kit - LAPQC71D: before 2.2.0.22

NUC 9 Extreme Laptop Kit - LAPQC71C: before 2.2.0.22

NUC 9 Extreme Laptop Kit - LAPQC71A: before 2.2.0.22


CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00665.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###