Intel® XMM™ 7560 Modem Software Advisory

Summary:

Potential security vulnerabilities in some Intel® XMM™ 7560 Modem software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-26513

Description: Out-of-bounds write in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 8.0 High

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2022-27874

Description: Improper authentication in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-28611

Description: Improper input validation in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-26369

Description: Out-of-bounds read in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 6.2 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-28126

Description: Improper input validation in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-26367

Description: Improper buffer restrictions in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-26079

Description: Improper conditions check in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-27639

Description: Incomplete cleanup in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-26045

Description: Improper buffer restrictions in some Intel® XMM™ 7560 Modem software before version M2_7560_R_01.2146.00 and M2_7560_V2_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Affected Products:

Intel® XMM™ 7560 Modem M.2 software for Windows or Linux before version M2_7560_R_01.2146.00.

Intel® XMM™ 7560 Modem M.2 software for Windows or Linux before version M2_7560_V2_01.2146.00.

Recommendations:

Intel recommends that users of Intel® XMM™ 7560 Modem M.2 software for Windows or Linux update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

These issues were found internally by Intel employee Bharats Chandra.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.