#VU72451 Improper Initialization


Published: 2023-02-21

Vulnerability identifier: #VU72451

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32231

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
Intel Xeon Scalable Processors
Hardware solutions / Other hardware appliances
3rd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization in the BIOS firmware. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Xeon Scalable Processors: All versions

3rd Generation Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions


Fixed software versions

CPE

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability