#VU69118 Race condition in Intel products - CVE-2022-21198
Published: November 8, 2022 / Updated: February 22, 2023
Vulnerability identifier: #VU69118
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-21198
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
11th Generation Intel Core Processors
Intel Xeon W Processors
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
10th Generation Intel Core Processors
Intel Core Processors with Intel Hybrid Technology
Intel Pentium Silver N6000 Processors
Intel Celeron N4000 Processors
Intel Pentium Silver N5000 Processors
Intel Celeron Processor 5000 Series
11th Generation Intel Core Processors
Intel Xeon W Processors
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
10th Generation Intel Core Processors
Intel Core Processors with Intel Hybrid Technology
Intel Pentium Silver N6000 Processors
Intel Celeron N4000 Processors
Intel Pentium Silver N5000 Processors
Intel Celeron Processor 5000 Series
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the BIOS firmware. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
Remediation
Install updates from vendor's website.