Potential security vulnerabilities in the Intel® Server Platform Services (SPS) firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2022-36348
Description: Active debug code in some Intel® SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-36794
Description: Improper condition check in some Intel® SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
Intel® SPS firmware before version SPS_E5_04.04.04.300.0.
Intel® SPS firmware before version SPS_E3_06.00.03.300.0.
Intel recommends that users of Intel® SPS update to the latest version provided by the system manufacturer that addresses these issues.
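A version check for triaging a firmware inventory against the two fixed versions listed above, added here as an example and not Intel's code. It assumes version strings follow the `SPS_<branch>_<dotted numbers>` form used in this advisory and that versions order by comparing the dotted fields numerically; the inventory entries and the `SPS_XX` branch are constructed samples.

```python
import re

# Fixed versions from the advisory, keyed by branch prefix, with the CVE each addresses.
FIXED = {
    "SPS_E5": ((4, 4, 4, 300, 0), "CVE-2022-36348"),
    "SPS_E3": ((6, 0, 3, 300, 0), "CVE-2022-36794"),
}

# Assumed format: SPS_<branch>_<dot-separated integers>, as in the advisory's strings.
VERSION_RE = re.compile(r"^(SPS_[A-Za-z0-9]+)_(\d+(?:\.\d+)*)$")


def parse(version):
    """Split 'SPS_E5_04.04.04.300.0' into ('SPS_E5', (4, 4, 4, 300, 0))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized SPS version string: {version!r}")
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))


def triage(version):
    """Return (status, cve); status is affected, fixed, not-listed or unparsed."""
    try:
        branch, fields = parse(version)
    except ValueError:
        return "unparsed", None          # needs manual review, not a pass
    if branch not in FIXED:
        return "not-listed", None        # branch is not named in this advisory
    fixed, cve = FIXED[branch]
    # Pad to equal length so a short string compares as if trailing fields were 0.
    width = max(len(fields), len(fixed))
    fields += (0,) * (width - len(fields))
    fixed += (0,) * (width - len(fixed))
    # Numeric comparison matters: as plain strings "39" sorts after "300",
    # which would wrongly report build 39 as already fixed.
    return ("affected" if fields < fixed else "fixed"), cve


# Constructed inventory (host names and version strings are sample data).
SAMPLE_INVENTORY = {
    "host-a": "SPS_E5_04.04.04.202.0",
    "host-b": "SPS_E5_04.04.04.300.0",
    "host-c": "SPS_E3_06.00.03.39.0",
    "host-d": "SPS_XX_01.00.00.000.0",
    "host-e": "unknown",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(host, version, *triage(version))
```

Hosts reported as `unparsed` or `not-listed` still need to be checked against the system manufacturer's release notes.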
These issues were found internally by Intel employees. Intel would like to thank Tomasz Bagniuk and Witold Kryszak.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.