CVE-2022-29510
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.
Affected (36)
Products: Intel: Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb Firmware, Compute Module Hns2600bpb24 Firmware, Compute Module Hns2600bpb24r Firmware, Compute Module Hns2600bpblc Firmware, Compute Module Hns2600bpblc24 Firmware, Compute Module Hns2600bpblc24r Firmware, Compute Module Hns2600bpblcr Firmware, Compute Module Hns2600bpbr Firmware, Compute Module Hns2600bpbrct Firmware, Compute Module Hns2600bpq Firmware, Compute Module Hns2600bpq24 Firmware, Compute Module Hns2600bpq24r Firmware, Compute Module Hns2600bpqr Firmware, Compute Module Hns2600bpr Firmware, Compute Module Hns2600bps Firmware, Compute Module Hns2600bps24 Firmware, Compute Module Hns2600bps24r Firmware, Compute Module Hns2600bpsr Firmware, Server Board M10jnp2sb Firmware, Server Board M20ntp2sb Firmware, Server Board M70klp2sb Firmware, Server Board S2600bpb Firmware, Server Board S2600bpbr Firmware, Server Board S2600bpq Firmware, Server Board S2600bpqr Firmware, Server Board S2600bps Firmware, Server Board S2600bpsr Firmware, Server System M20ntp1ur304 Firmware, Server System M70klp4s2uhh Firmware, Server System Mcb2208wfaf5 Firmware, Server System Vrn2224bpaf6 Firmware, Server System Vrn2224bphy6 Firmware, Server System Zsb2224bpaf1 Firmware, Server System Zsb2224bpaf2 Firmware, Server System Zsb2224bphy1 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bp | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpb | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpb24 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpb24r | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpblc | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpblc24 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpblc24r | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpblcr | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpbr | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpbrct | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpq | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpq24 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpq24r | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpqr | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpr | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bps | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bps24 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bps24r | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpsr | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.219 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board M10jnp2sb | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 0022.d02 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board M20ntp2sb | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 01.04.0029 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board M70klp2sb | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bpb | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bpbr | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bpq | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bpqr | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bps | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bpsr | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 0022.d02 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System M20ntp1ur304 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 01.04.0029 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System M70klp4s2uhh | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System Mcb2208wfaf5 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System Vrn2224bpaf6 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System Vrn2224bphy6 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System Zsb2224bpaf1 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System Zsb2224bpaf2 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.01.0015 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System Zsb2224bphy1 | All versions |
Related CWEs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-92
DEPRECATED: Improper Sanitization of Custom Special Characters
This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.
References (2)
Source: secure@intel.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.