A potential security vulnerability in some Intel® Server Board BMC video drivers may allow escalation of privilege. Intel is releasing updates to mitigate this potential vulnerability.
CVEID: CVE-2023-34355
Description: Uncontrolled search path element for some Intel® Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for Linux may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Intel® Server Board M10JNP2SB Integrated BMC Video Drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for Linux.
Intel recommends updating the Integrated BMC Video Driver for Server Systems Based on the Intel® Server Board M10JNP2SB to version 3.0 or later for Microsoft Windows.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19467/integrated-bmc-video-driver-for-server-systems-based-on-the-intel-server-board-m10jnp2sb.html>
Intel recommends updating the Integrated BMC Video Driver for Server Systems Based on the Intel® Server Board M10JNP2SB to version 1.13.4 or later for Linux.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19578/integrated-bmc-video-driver-linux-for-server-systems-based-on-the-intel-server-board-m10jnp2sb.html>
Intel would like to thank Falcon Corruption @falconCorrup for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.