Intel ® NUC BIOS Firmware Advisory

Summary:

Potential security vulnerabilities in some Intel® NUC firmware may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-36339

Description: Improper input validation in firmware for Intel® NUC 8 Compute Element, Intel® NUC 11 Compute Element, Intel® NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-34147

Description: Improper input validation in BIOS firmware for some Intel® NUC 9 Extreme Laptop Kits, Intel® NUC Performance Kits, Intel® NUC Performance Mini PC, Intel® NUC 8 Compute Element, Intel® NUC Pro Kit, Intel® NUC Pro Board, and Intel® NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-28699

Description: Improper input validation for some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2023-22312

Description: Improper access control for some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-32766

Description: Improper input validation for some Intel® BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2022-37327

Description: Improper input validation in BIOS firmware for Intel® NUC, Intel® NUC Performance Kit, Intel® NUC Performance Mini PC, Intel® NUC 8 Compute Element, Intel® NUC Pro Kit, Intel® NUC Pro Board, Intel® NUC 11 Compute Element, Intel® NUC 12 Compute Element, Intel® NUC Extreme, Intel® NUC 12 Extreme Compute Element, Intel® NUC Laptop Kit, Intel® NUC Enthusiast, Intel® NUC Essential, Intel® NUC Laptop Kit, Intel® NUC Extreme Compute Element, Intel® NUC Boards, Intel® NUC Pro Compute Element, Intel® NUC Rugged may allow a privileged user to enable information disclosure via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

CVEID: CVE-2023-25771

Description: Improper access control for some Intel® NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.8 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H

CVEID: CVE-2022-32582

Description: Improper access control in firmware for some Intel® NUC Boards, Intel® NUC 11 Performance Kit, Intel® NUC 11 Performance Mini PC, Intel® NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-31477

Description: Improper initialization for some Intel® NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 4.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

CVEID: CVE-2022-32577

Description: Improper input validation in BIOS Firmware for some Intel® NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access

CVSS Base Score: 3.4 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Affected Products:

Product

|

Download Link

|

CVE ID

—|—|—
**Intel® NUC 9 Extreme Laptop Kits: LAPQC71A, LAPQC71B, LAPQC71C, LAPQC71D ** |

QCCFL357.0158

|

CVE-2022-34147

Intel® NUC Performance Kit, Intel® NUC Performance Mini PC:

NUC10i3FNH, NUC10i3FNHF, NUC10i3FNHFA, NUC10i3FNHJA, NUC10i3FNHN, NUC10i3FNK, NUC10i3FNKN, NUC10i5FNH, NUC10i5FNHCA, NUC10i5FNHF, NUC10i5FNHJA, NUC10i5FNHJ, NUC10i5FNHN, NUC10i5FNK, NUC10i5FNKN, NUC10i5FNKPA, NUC10i5FNKP, NUC10i7FNH, NUC10i7FNHAA, NUC10i7FNHC, NUC10i7FNHJA, NUC10i7FNHN, NUC10i7FNK, NUC10i7FNKN, NUC10i7FNKP, NUC10i7FNKPA

|

FNCML357.0059

|

CVE-2022-34147
CVE-2022-37327

Intel® NUC 8 Compute Element:

CM8i3CB4N, CM8i5CB8N, CM8i7CB8N, CM8CCB4R, CM8PCB4R

|

CBWHL357.0101

|

CVE-2022-34147
CVE-2022-36339
CVE-2022-37327
CVE-2023-25771

Intel® NUC Pro Kit, Intel NUC Pro Board:

NUC8i3PNB, NUC8i3PNH, NUC8i3PNK

|

PNWHL357.0050

|

CVE-2022-34147
CVE-2022-37327
CVE-2023-25771

Intel® NUC Extreme Kit, Intel NUC Compute Element:

NUC9i5QN, NUC9i7QN, NUC9i9QN

|

QXCFL579.0071

|

CVE-2022-34147

Intel® NUC 11 Performance Kit, Intel NUC 11 Performance Mini PC:

NUC11PAHi3, NUC11PAHi30Z, NUC11PAKi3, NUC11PAHi5, NUC11PAHi50Z, NUC11PAKi5, NUC11PAQi50WA, NUC11PAHi7, NUC11PAHi70Z, NUC11PAKi7, NUC11PAQi70QA

|

PATGL357.0050

|

CVE-2022-32582
CVE-2023-22312
CVE-2022-31477

Intel® NUC 11 Compute Element:

CM11EBi38W, CM11EBi58W, CM11EBi716W, CM11EBC4W

|

EBTGL357.0071

|

CVE-2022-36339
CVE-2022-37327
CVE-2023-22312
CVE-2022-31477

Intel® NUC Kit:

NUC5CPYH, NUC5PGYH, NUC5PPYH

|

PYBSWCEL.0081

|

CVE-2022-32577

Intel® NUC 12 Compute Element:

ELM12HBi3, ELM12HBi5, ELM12HBi7, ELM12HBC

|

HBADL357.0052

|

CVE-2022-36339
CVE-2022-37327

Intel® NUC Extreme, Intel® NUC 12 Extreme Compute Element:

NUC12DCMi7, NUC12EDBi7, NUC12DCMi9, NUC12EDBi9

|

EDADL579.0056

|

CVE-2022-37327

Intel® NUC Laptop Kit:

LAPRC510, LAPRC710

|

RCADL357.0060

|

CVE-2022-37327

Intel® NUC Pro Board, Intel® NUC Pro Kit:

NUC12WSBi3, NUC12WSBi30Z, NUC12WSHi3, NUC12WSHi30L, NUC12WSHi30Z, NUC12WSKi3, NUC12WSKi30Z, NUC12WSBi5, NUC12WSBi50Z, NUC12WSHi5, NUC12WSHi50Z, NUC12WSKi5, NUC12WSKi50Z, NUC12WSBi70Z, NUC12WSHi7, NUC12WSHi70Z, NUC12WSKi7, NUC12WSKi70Z

|

WSADL357.0086

|

CVE-2022-37327

Intel® NUC Laptop Kits:

LAPAC71H, LAPAC71G

|

ACADL357.0059

|

CVE-2022-37327

Intel® NUC Enthusiast:

NUC12SNKi72, NUC12SNKi72VA

|

SNADL357.0056

|

CVE-2022-37327

Intel® NUC Essential:

NUC11ATBC4, NUC11ATKC2, NUC11ATKC2, NUC11ATKC4, NUC11ATKPE

|

ATJSLCPX.0038

|

CVE-2022-37327

Intel® NUC Laptop Kit:

****LAPBC510, LAPBC710

|

BCTGL357.0078

|

CVE-2022-37327
CVE-2023-22312
CVE-2022-31477

Intel® NUC Laptop Kit: LAPKC51E, LAPKC71E
LAPKC71F

|

KCTGL357.0044

|

CVE-2022-37327
CVE-2023-22312
CVE-2022-31477

Intel® NUC Extreme Compute Element:

NUC11BTMi7, NUC11DBBi7, NUC11BTMi9, NUC11DBBi9

|

DBTGL579.0065

|

CVE-2022-37327
CVE-2023-22312
CVE-2022-31477

Intel® NUC Boards:

NUC11TNBi3, NUC11TNBi30Z, NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi30Z, NUC11TNKi3, NUC11TNKi30Z, NUC11TNBi5, NUC11TNBi50Z, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi50Z, NUC11TNKi5, NUC11TNKi50Z, NUC11TNBi7, NUC11TNBi70Z, NUC11TNHi7, NUC11TNHi70L, NUC11TNHi70Q, NUC11TNHi70Z, NUC11TNKi7, NUC11TNKi70Z

|

TNTGL357.0070

|

CVE-2022-37327
CVE-2022-32582

Intel® NUC:

NUC11PHKi7C, NUC11PHKi7CAA

|

PHTGL579.0071

|

CVE-2022-37327
CVE-2023-22312
CVE-2022-31477

Intel® NUC Pro Compute Element:

NUC9V7QNB, NUC9V7QNX, NUC9VXQNB, NUC9VXQNX

|

QNCFLX70.0071

|

CVE-2022-37327
CVE-2022-32582
CVE-2023-25771

Intel® NUC Rugged Kit:

NUC8CCHB, NUC8CCHBN, NUC8CCHKRN, NUC8CCHKR

|

CHAPLCEL.0061

|

CVE-2022-37327
CVE-2023-22312
CVE-2022-28699

Intel® NUC Mini PC, Intel® NUC Enthusiast, Intel® NUC Kit:

NUC8i5BEHFA, NUC8i3BEHFA, NUC8i5BEKPA, NUC8i7BEHGA, NUC8i7BEKQA, NUC8i7BEH, NUC8i5BEK, NUC8i5BEH, NUC8i3BEK, NUC8i3BEH, NUC8i7BEK, NUC8i5BEHS, NUC8i3BEHS

|

BECFL357.0092

|

CVE-2023-25771

Intel® NUC Business, Intel® NUC Enthusiast, Intel® NUC Kit:

NUC8i7HNKQC, NUC8i7HVKVA, NUC8i7HVKVAW, NUC8i7HVK, NUC8i7HNK

|

HNKBKi70.0070

|

CVE-2023-25771
CVE-2022-28699

Intel® Compute Element:

STK2mv64CC

|

CCSKLm5v.0067

|

CVE-2023-25771
CVE-2022-28699
CVE-2022-32766

Intel® NUC 7 Essential, Intel® NUC Kit:

****NUC7CJYSAMN, NUC7CJYSAL, NUC7CJYHN, NUC7PJYHN, NUC7PJYH, NUC7CJYH

|

AYAPLCEL.0074

|

CVE-2023-25771
CVE-2022-28699

Intel® NUC Mini PC, Intel® NUC Kit, Intel® NUC Enthusiast, Intel® NUC Board:

NUC7i5BNHXF, NUC7i3BNHXF, NUC7i5BNKP, NUC7i5BNHX1, NUC7i5BNH, NUC7i3BNK, NUC7i5BNK, NUC7i7BNH, NUC7i3BNH, NUC7i7BNHX1, NUC7i7BNHXG, NUC7i3BNHX1, NUC7i7BNKQ, NUC7i3BNB, NUC7i5BNB, NUC7i7BNB

|

BNKBL357.0089

|

CVE-2023-25771

Intel® NUC Mini PC:

NUC8i3CYSM, NUC8i3CYSN

|

CYCNLi35.0054

|

CVE-2023-25771

Intel® NUC Kit, Intel® NUC Mini PC:

NUC8i7INH, NUC8i5INH, NUC8i7INH, NUC8i5INH

|

INWHL357.0047

|

CVE-2023-25771
CVE-2022-28699

Intel® NUC Pro Kit, Intel® NUC Pro Board, Intel® NUC Pro Mini PC:

NUC11TNKv50Z, NUC11TNHv70L, NUC11TNHv50L, NUC11TNKv5, NUC11TNKv7, NUC11TNHv5, NUC11TNHv7, NUC11TNBv7, NUC11TNBv5, NUC11TNKv5, NUC11TNKv7

|

TNTGLV57.0071

|

CVE-2023-22312
CVE-2022-31477

Intel® NUC 7 Essential, Intel® NUC Kit:

NUC7CJYSAMN, NUC7CJYSAL, NUC7CJYHN, NUC7PJYHN, NUC7PJYH, NUC7CJYH

|

JYGLKCPX.0069

|

CVE-2023-25771
CVE-2022-28699

Recommendations:

Intel recommends that users update to the latest version (see provided table).

Acknowledgements:

Intel would like to thank Yngweijw (Jiawei Yin) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.