Potential security vulnerabilities in some Intel® Server Board and Server System BIOS firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2023-34431
Description: Improper input validation in some Intel® Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-33945
Description: Improper input validation in some Intel® Server Board and Intel® Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-29262
Description: Improper buffer restrictions in some Intel® Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVEID: CVE-2022-24379
Description: Improper input validation in some Intel® Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-29510
Description: Improper buffer restrictions in some Intel® Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Intel® Server M20NTP Family BIOS firmware before version 0022.D02 in the following products:
Intel® Server System M70KLP Family BIOS firmware before version 01.04.0029 in the following products:
Intel® Server Board M10JNP2SB Family BIOS firmware before version 7.219 in the following products:
Intel® Server Board S2600BP Family BIOS firmware before version 02.01.0015 in the following products:
Intel recommends updating the firmware for the affected Intel® Server Board and Intel® Server System to the latest versions:
Intel would like to thank Yngweijw (Jiawei Yin) (CVE-2023-34431, CVE-2022-33945, CVE-2022-29262), the BINARLY efiXplorer team and Aviram Shemesh (Kameleon) (CVE-2022-29510), and Dmitry Frolov (CVE-2022-24379) for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.