#VU72451 Improper Initialization


Published: 2023-02-21

Vulnerability identifier: #VU72451

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32231

CWE-ID: CWE-665

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Xeon Scalable Processors
Hardware solutions / Other hardware appliances
3rd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization in the BIOS firmware. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Xeon Scalable Processors: All versions

3rd Generation Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions

CPE

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Certain HPE Apollo, XL Servers
Multiple vulnerabilities in Certain HPE Moonshot/Edgeline Servers
Multiple vulnerabilities in Certain HPE ProLiant BL/DL/ML Servers
Multiple vulnerabilities in Certain HPE ProLiant BL/DL/ML Servers
Multiple vulnerabilities in Certain HPE Proliant DX Servers
Multiple vulnerabilities in Certain HPE Synergy Servers
Dell client platform security update Intel firmware
Multiple vulnerabilities in Dell PowerEdge Server firmware
Multiple vulnerabilities in Intel BIOS firmware for Intel processors