Intel® PCSD BIOS Advisory

Summary:

A potential security vulnerability in some Intel® Product Collaboration and Systems Division (PCSD) system BIOS may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2022-34657

Description: Improper input validation in firmware for some Intel® PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:

Intel® PCSD BIOS before version 02.01.0013 in the following products:

• Intel® Server Board:
  • S2600WFT, S2600WFTF, S2600WFTR, S2600WFQ, S2600WFQR, S2600WF0, S2600WF0R.
• Intel® Server System:
  • R1208WFQYSR, R1208WFTYS, R1208WFTYSR.
  • R1304WF0YS, R1304WF0YSR, R1304WFTYS, R1304WFTYSR.
  • R2208WF0ZS, R2208WF0ZSR, R2208WFQZS, R2208WFQZSR, R2208WFTZS, R2208WFTZSR.
  • R2224WFQZS, R2224WFTZS, R2224WFTZSR.
  • R2308WFTZS, R2308WFTZSR.
  • R2312WF0NP, R2312WF0NPR, R2312WFQZS, R2312WFTZS, R2312WFTZSR.

Recommendation:

Intel recommends updating Intel® PCSD BIOS to version 02.01.0013 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/download/19078/&gt;

Acknowledgements:

This issue was found internally by an Intel employee. Intel would like to thank Jorge Gonzalez Diaz.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.