CVE-2022-36372
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Affected (34)
Products: Intel: Nuc 8 Compute Element Cm8i3cb4n Firmware, Nuc 8 Compute Element Cm8i5cb8n Firmware, Nuc 8 Compute Element Cm8i7cb8n Firmware, Nuc 8 Compute Element Cm8ccb4r Firmware, Nuc 8 Compute Element Cm8pcb4r Firmware, Nuc Pro Kit Nuc8i3pnb Firmware, Nuc Pro Kit Nuc8i3pnh Firmware, Nuc Pro Kit Nuc8i3pnk Firmware, Nuc Pro Board Nuc8i3pnb Firmware, Nuc Pro Board Nuc8i3pnh Firmware, Nuc Pro Board Nuc8i3pnk Firmware, Nuc Rugged Kit Nuc8cchb Firmware, Nuc Rugged Kit Nuc8cchbn Firmware, Nuc Rugged Kit Nuc8cchkrn Firmware, Nuc Rugged Kit Nuc8cchkr Firmware, Nuc Pro Compute Element Nuc9v7qnb Firmware, Nuc Pro Compute Element Nuc9v7qnx Firmware, Nuc Pro Compute Element Nuc9vxqnb Firmware, Nuc Pro Compute Element Nuc9vxqnx Firmware, Nuc Business Nuc8i7hnkqc Firmware, Nuc Business Nuc8i7hvkva Firmware, Nuc Business Nuc8i7hvkvaw Firmware, Nuc Business Nuc8i7hvk Firmware, Nuc Business Nuc8i7hnk Firmware, Nuc Enthusiast Nuc8i7hnkqc Firmware, Nuc Enthusiast Nuc8i7hvkva Firmware, Nuc Enthusiast Nuc8i7hvkvaw Firmware, Nuc Enthusiast Nuc8i7hvk Firmware, Nuc Enthusiast Nuc8i7hnk Firmware, Nuc Kit Nuc8i7hnkqc Firmware, Nuc Kit Nuc8i7hvkva Firmware, Nuc Kit Nuc8i7hvkvaw Firmware, Nuc Kit Nuc8i7hvk Firmware, Nuc Kit Nuc8i7hnk Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc 8 Compute Element Cm8i3cb4n | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc 8 Compute Element Cm8i5cb8n | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc 8 Compute Element Cm8i7cb8n | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc 8 Compute Element Cm8ccb4r | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc 8 Compute Element Cm8pcb4r | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Kit Nuc8i3pnb | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Kit Nuc8i3pnh | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Kit Nuc8i3pnk | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Board Nuc8i3pnb | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Board Nuc8i3pnh | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Board Nuc8i3pnk | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Rugged Kit Nuc8cchb | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Rugged Kit Nuc8cchbn | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Rugged Kit Nuc8cchkrn | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Rugged Kit Nuc8cchkr | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Compute Element Nuc9v7qnb | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Compute Element Nuc9v7qnx | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Compute Element Nuc9vxqnb | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Pro Compute Element Nuc9vxqnx | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Business Nuc8i7hnkqc | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Business Nuc8i7hvkva | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Business Nuc8i7hvkvaw | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Business Nuc8i7hvk | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Business Nuc8i7hnk | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Enthusiast Nuc8i7hnkqc | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Enthusiast Nuc8i7hvkva | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Enthusiast Nuc8i7hvkvaw | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Enthusiast Nuc8i7hvk | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Enthusiast Nuc8i7hnk | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Kit Nuc8i7hnkqc | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Kit Nuc8i7hvkva | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Kit Nuc8i7hvkvaw | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Kit Nuc8i7hvk | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Intel Nuc Kit Nuc8i7hnk | All versions |
Related CWEs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-92
DEPRECATED: Improper Sanitization of Custom Special Characters
This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.
References (2)
Source: secure@intel.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.