Vulnerability identifier: #VU72449

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26343

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
Intel Xeon D Processors
Hardware solutions / Firmware
Intel Xeon Processor D 1500
Hardware solutions / Firmware
Intel Xeon Platinum P-8124 processors
Hardware solutions / Firmware
Intel Xeon Platinum P-8136 processors
Hardware solutions / Firmware
Intel Xeon Scalable Processors
Hardware solutions / Other hardware appliances

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in the BIOS firmware. A local privileged user can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon D Processors: All versions

Intel Xeon Scalable Processors: All versions

Intel Xeon Processor D 1500: All versions

Intel Xeon Platinum P-8124 processors: All versions

Intel Xeon Platinum P-8136 processors: All versions

---

CPE

• cpe:2.3:h:intel:2nd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.html

---

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?