Intel Security Center, INTEL-SA-00783
Jan 12, 2024 - 12:00 a.m.

2023.3 IPU - Intel® Chipset Firmware Advisory

AI Score: 7.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.7%)

Summary:

Potential security vulnerabilities in the Intel® Converged Security Management Engine (CSME), Active Management Technology (AMT) and Intel® Standard Manageability software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-36392

Description: Improper input validation in some firmware for Intel® AMT and Intel® Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel® CSME may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 8.6 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2022-38102

Description: Improper input validation in firmware for some Intel® Converged Security and Management Engine before versions 15.0.45 and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 7.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2022-29871

Description: Improper access control in the Intel® CSME software installer before version 2306.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Chipset/SOC | Versions Before | CVE ID
---|---|---
Intel Atom® processor X E3900 series; Intel® Pentium® processor J4000/N4000 series; Celeron® processor J3000/N3000 series | 3.1.94 | CVE-2022-29871
Intel® Pentium® processor J5000/N5000 series; Celeron® processor J4000/N4000 series | 4.0.48 | CVE-2022-29871
Intel® C420 Chipset; Intel® X299 Chipset | 11.12.94 | CVE-2022-36392, CVE-2022-29871
Intel® C420 Chipset; Intel® X299 Chipset | 11.12.94 | CVE-2022-36392, CVE-2022-29871
Intel® C230 Series Chipset | 11.12.94 | CVE-2022-36392, CVE-2022-29871
2nd Gen Intel® Xeon® Scalable processor; Intel® Xeon® W processor 3200 series; 1st Gen Intel® Xeon® Scalable processor; Intel® Xeon® W processor 3100 series | 11.22.94 | CVE-2022-29871
8th Gen Intel® Core™ processor | 11.8.94 | CVE-2022-36392, CVE-2022-29871
Intel® 200 Series Chipset; Sunrise Point/Skylake; Intel® 100 Series Chipset | 11.8.94 | CVE-2022-36392, CVE-2022-29871
Intel® 300 Series Chipset | 12.0.93 | CVE-2022-36392, CVE-2022-29871
Intel® C240 Series Chipset | 12.0.93 | CVE-2022-36392, CVE-2022-29871
8th Gen Intel® Core™ processor; Pentium® Gold processor series (G54XXU); Celeron® processor 4000 series | 12.0.93 | CVE-2022-36392, CVE-2022-29871
10th Gen Intel® Core™ processor | 13.0.65 | CVE-2022-29871
Intel® Core™ i5 L16G7; Intel® Core™ i3 L13G4 | 13.30.35 | CVE-2022-29871
Pentium® Silver processor series; Celeron® processor N series | 13.50.25 | CVE-2022-29871
Intel® 400 Series Chipset | 14.1.70 | CVE-2022-36392, CVE-2022-29871
Intel® 400 Series Chipset | 14.1.70 | CVE-2022-36392, CVE-2022-29871
Intel® 400 Series Chipset | 14.5.50 | CVE-2022-36392, CVE-2022-29871
Intel Atom® x6000E series; Intel Pentium® and Celeron® N and J Series processors | 15.0.45 | CVE-2022-38102, CVE-2022-29871
Intel® 500 Series Chipset | 15.0.45 | CVE-2022-36392, CVE-2022-38102, CVE-2022-29871
Intel® C250 Series Chipset | 15.0.45 | CVE-2022-38102, CVE-2022-29871
Intel® 500 Series Chipset | 15.0.45 | CVE-2022-36392, CVE-2022-38102, CVE-2022-29871
Intel® 600 Series Chipset | 16.1.27 | CVE-2022-36392, CVE-2022-38102, CVE-2022-29871

Intel® CSME software installer before version 2306.4.10.0. Intel® CSME, Intel® AMT and Intel® Standard Manageability before versions 3.1.94, 4.0.48, 11.12.94, 11.22.94, 11.8.94, 12.0.93, 13.0.65, 13.30.35, 13.50.25, 14.1.70, 14.5.50, 15.0.45, and 16.1.27.
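
A branch-aware check of reported firmware versions against the "Versions Before" column above, as an added example (not Intel's code). It assumes versions are reported as major.minor.hotfix[.build] strings; the function names, hostnames and inventory versions are constructed for illustration.

```python
import re

A, B, C = "CVE-2022-36392", "CVE-2022-38102", "CVE-2022-29871"

# (major, minor) branch -> (first fixed hotfix number, CVE IDs the table lists
# for that "Versions Before" value). Rows sharing a value are merged, so the
# 15.0 entry is the union of the CVE IDs across its chipset rows.
ADVISORY = {
    (3, 1): (94, [C]), (4, 0): (48, [C]),
    (11, 8): (94, [A, C]), (11, 12): (94, [A, C]), (11, 22): (94, [C]),
    (12, 0): (93, [A, C]), (13, 0): (65, [C]), (13, 30): (35, [C]),
    (13, 50): (25, [C]), (14, 1): (70, [A, C]), (14, 5): (50, [A, C]),
    (15, 0): (45, [A, B, C]), (16, 1): (27, [A, B, C]),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?")


def triage(version):
    """Return (status, cves); status is affected/fixed/unlisted-branch/unparseable."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return ("unparseable", [])
    major, minor, hotfix = (int(m.group(i)) for i in (1, 2, 3))
    entry = ADVISORY.get((major, minor))
    if entry is None:
        # No threshold is given for this branch; do not guess by comparing
        # against a neighbouring branch's fixed version.
        return ("unlisted-branch", [])
    fixed_hotfix, cves = entry
    # Thresholds are per branch: 11.12.50 sorts above 11.8.94 but is still
    # below the fix for its own branch (11.12.94).
    return ("affected", list(cves)) if hotfix < fixed_hotfix else ("fixed", [])


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = {
    "ws-001": "11.8.92.4222",   # below 11.8.94
    "ws-002": "11.12.94.2479",  # at the fixed version
    "ws-003": "15.0.41.2158",   # below 15.0.45
    "ws-004": "16.0.15.1810",   # 16.0 is not a branch the table lists
    "ws-005": "n/a",            # tool returned no version
}


def report(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, (status, cves) in report(INVENTORY).items():
        print(f"{host}: {status} {', '.join(cves)}")
```

Hosts that come back as unlisted-branch or unparseable need manual review against the system manufacturer's guidance rather than being counted as fixed.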

Recommendation:

Intel recommends that users of Intel® Converged Security Management Engine (CSME), Active Management Technology (AMT) and Intel® Standard Manageability software update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

CVE-2022-29871 was found externally. CVE-2022-38102 and CVE-2022-36392 were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
