Potential security vulnerabilities in some Intel® NUC Laptop Kits may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2022-28858
Description: Improper buffer restriction in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-33209
Description: Improper input validation in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-27493
Description: Improper initialization in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-34488
Description: Improper buffer restrictions in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-32579
Description: Improper initialization in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 6.9 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-34345
Description: Improper input validation in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 6.9 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
| Product | Download Link | CVE ID |
|---|---|---|
| Intel® NUC Rugged Kit: NUC8CCHB, NUC8CCHBN, NUC8CCHKRN, NUC8CCHKR. | | CVE-2022-33209, CVE-2022-34488 |
| Intel® NUC Laptop Kit: LAPKC51E, LAPKC71E, LAPKC71F. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC 11 Performance Kit, Intel NUC 11 Performance Mini PC: NUC11PAHi3, NUC11PAHi30Z, NUC11PAKi3. NUC11PAHi5, NUC11PAHi50Z, NUC11PAKi5, NUC11PAQi50WA. NUC11PAHi7, NUC11PAHi70Z, NUC11PAKi7, NUC11PAQi70QA. | | CVE-2022-33209 |
| Intel® NUC Pro Compute Element: NUC9V7QNB, NUC9V7QNX, NUC9VXQNB, NUC9VXQNX. | | CVE-2022-33209, CVE-2022-34488 |
| Intel® NUC 8 Compute Element: CM8i3CB4N, CM8i5CB8N, CM8i7CB8N, CM8CCB4R, CM8PCB4R. | | CVE-2022-33209, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC: NUC11PHKi7C, NUC11PHKi7CAA. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Extreme Compute Element: NUC11BTMi7, NUC11DBBi7, NUC11BTMi9, NUC11DBBi9. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Laptop Kit: LAPRC510, LAPRC710. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Laptop Kit: LAPBC510, LAPBC710. | | CVE-2022-33209, CVE-2022-27493, CVE-2022-28858, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Performance Kit, Intel® NUC Performance Mini PC: NUC10i3FNH, NUC10i3FNHF, NUC10i3FNHFA, NUC10i3FNHJA, NUC10i3FNHN, NUC10i3FNK, NUC10i3FNKN. NUC10i5FNH, NUC10i5FNHCA, NUC10i5FNHF, NUC10i5FNHJA, NUC10i5FNHJ, NUC10i5FNHN, NUC10i5FNK, NUC10i5FNKN, NUC10i5FNKPA, NUC10i5FNKP. NUC10i7FNH, NUC10i7FNHAA, NUC10i7FNHC, NUC10i7FNHJA, NUC10i7FNHN, NUC10i7FNK, NUC10i7FNKN, NUC10i7FNKP, NUC10i7FNKPA. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Extreme, Intel® NUC 12 Extreme Compute Element: NUC12DCMi7, NUC12EDBi7, NUC12DCMi9, NUC12EDBi9. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC 12 Compute Element: ELM12HBi3, ELM12HBi5, ELM12HBi7, ELM12HBC | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34488 |
| Intel® NUC Enthusiast: NUC12SNKi72, NUC12SNKi72VA | | CVE-2022-33209 |
| Intel® NUC 11 Compute Element: CM11EBi38W, CM11EBi58W, CM11EBi716W, CM11EBC4W | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34488 |
| Intel® NUC Pro Kit, Intel NUC Pro Board: NUC8i3PNB, NUC8i3PNH, NUC8i3PNK | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Pro Board, Intel® NUC Pro Kit: NUC12WSBi3, NUC12WSBi30Z, NUC12WSHi3, NUC12WSHi30L, NUC12WSHi30Z, NUC12WSKi3, NUC12WSKi30Z. NUC12WSBi5, NUC12WSBi50Z, NUC12WSHi5, NUC12WSHi50Z, NUC12WSKi5, NUC12WSKi50Z, NUC12WSBi70Z, NUC12WSHi7, NUC12WSHi70Z, NUC12WSKi7, NUC12WSKi70Z. | | CVE-2022-33209, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Boards: NUC11TNBi3, NUC11TNBi30Z, NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi30Z, NUC11TNKi3, NUC11TNKi30Z. NUC11TNBi5, NUC11TNBi50Z, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi50Z, NUC11TNKi5, NUC11TNKi50Z. NUC11TNBi7, NUC11TNBi70Z, NUC11TNHi7, NUC11TNHi70L, NUC11TNHi70Q, NUC11TNHi70Z, NUC11TNKi7, NUC11TNKi70Z. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Pro Kit, Intel® NUC Pro Board, Intel® NUC Pro Mini PC: NUC11TNKv50Z, NUC11TNHv70L, NUC11TNHv50L, NUC11TNKv5. NUC11TNKv7, NUC11TNHv7, NUC11TNBv7, NUC11TNKv7. NUC11TNBv5, NUC11TNKv5, NUC11TNHv5. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Essential: NUC11ATBC4, NUC11ATKC2, NUC11ATKC2, NUC11ATKC4, NUC11ATKPE. | | CVE-2022-33209, CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC Laptop Kits: LAPAC71H, LAPAC71G. | | CVE-2022-32579, CVE-2022-34345, CVE-2022-34488 |
| Intel® NUC 13 Extreme Kit: NUC13RNGi5, NUC13RNGi7, NUC13RNGi9. Intel® NUC 13 Extreme Compute Element: NUC13SBBi5, NUC13SBBi7, NUC13SBBi9. | | CVE-2022-34345 |
| Intel® NUC Kit, Intel® NUC Mini PC: NUC8i7INH, NUC8i5INH | | CVE-2022-34488 |
Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see the table above).
We encourage customers to guard against unauthorized access to their systems.
Intel would like to thank the Binarly efiXplorer team for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.