Input validation error in Intel products - CVE-2022-29494
Published: March 9, 2023
Vulnerability identifier: #VU73205
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-29494
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
C740 series chipset
3rd Generation Intel Xeon Scalable Processors
Intel C620A Series Chipset
OpenBMC
C740 series chipset
3rd Generation Intel Xeon Scalable Processors
Intel C620A Series Chipset
OpenBMC
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in firmware. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
How to mitigate CVE-2022-29494
Install updates from vendor's website.