Race condition in Intel Hardware solutions

#VU69118 Race condition in Intel Hardware solutions

Published: 2022-11-08 | Updated: 2023-02-22

Vulnerability identifier: #VU69118

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21198

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
11th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Xeon W Processors
Hardware solutions / Firmware
12th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Pentium Gold Processor Series
Hardware solutions / Firmware
Intel Celeron Processors
Hardware solutions / Firmware
10th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Core Processors with Intel Hybrid Technology
Hardware solutions / Firmware
Intel Pentium Silver N6000 Processors
Hardware solutions / Firmware
Intel Celeron N4000 Processors
Hardware solutions / Firmware
Intel Pentium Silver N5000 Processors
Hardware solutions / Firmware
Intel Celeron Processor 5000 Series
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the BIOS firmware. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

11th Generation Intel Core Processors: All versions

Intel Xeon W Processors: All versions

12th Generation Intel Core Processors: All versions

Intel Pentium Gold Processor Series: All versions

Intel Celeron Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Core Processors with Intel Hybrid Technology: All versions

Intel Pentium Silver N6000 Processors: All versions

Intel Celeron N4000 Processors: All versions

Intel Pentium Silver N5000 Processors: All versions