Intel® Server Board BMC Video Driver Advisory

Summary:

A potential security vulnerability in some Intel® Server Board BMC video drivers may allow escalation of privilege. Intel is releasing updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2023-34355

Description: Uncontrolled search path element for some Intel® Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel® Server Board M10JNP2SB Integrated BMC Video Drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for Linux.

Recommendation:

Intel recommends updating Integrated BMC Video Driver for Server Systems Based on the Intel® Server Board M10JNP2SB to version 3.0 or later for Microsoft Windows.

Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19467/integrated-bmc-video-driver-for-server-systems-based-on-the-intel-server-board-m10jnp2sb.html&gt;

Intel recommends updating Integrated BMC Video Driver for Server Systems Based on the Intel® Server Board M10JNP2SB to version 1.13.4 or later for Linux.

Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19578/integrated-bmc-video-driver-linux-for-server-systems-based-on-the-intel-server-board-m10jnp2sb.html&gt;

Acknowledgements:

Intel would like to thank Falcon Corruption @falconCorrup for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.