Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege or denial of service. Intel is releasing BIOS updates to mitigate these potential vulnerabilities.
CVEID: CVE-2023-25756
Description: Out-of-bounds read in the BIOS firmware for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 4.6 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVEID: CVE-2023-22329
Description: Improper input validation in the BIOS firmware for some Intel® Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 2.6 Low
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Product Collection
|
CVE ID
|
CPU ID
|
Platform ID
—|—|—|—
Intel® Celeron®: J6413, N6211.
Intel® Pentium®: J6425, N6415.
Intel® Atom®:
x6211E, x6413E, x6425E, x6212RE,
x6414RE, x6425RE, x6427FE, x6200FE.
|
|
90661
|
C2
8th Generation Intel® Core™ Processor Family, Intel® Pentium® Gold Processor Series, Intel® Celeron® Processor G Series, 9th Generation Intel® Core™ Processor Family
|
|
906EA
806EA
906ED
906EB
906EC
|
22
C0
10th Generation Intel® Core™ Processor Family
|
|
A0652
A0655
A0653
A0660
806EC
A0661
|
22
80
94
02
01
10th Generation Intel® Core™ Processor Family
|
|
706E5
|
80
Intel® Core®:
i7-11700T, i7-11700.
i5-11400T, i5-11400, i5-11500T, i5-11500.
|
|
A0671
|
02
11th Generation Intel® Core Processor Family
|
|
806C1
806C2
806D1
|
80
C2
12th Generation Intel® Core™ Processor Family, Intel® Pentium® Gold Processor Family, Intel® Celeron® Processor Family
|
|
906A4
906A3
90675
90672
|
80
07
01
12th Generation Intel® Core™ Processor Family, Intel® Pentium® Gold Processor Family, Intel® Celeron® Processor Family
|
|
B06E0
|
01
13th Generation Intel® Core™ Processor Family, Intel® Pentium® Gold Processor Family, Intel® Celeron® Processor Family
|
|
B0671
B06F2
B06F5
|
01
8th Generation Intel® Core™ Processors
|
|
806EB
806EC
|
D0
94
Intel recommends that users of listed Intel® Processors update to the latest versions provided by the system manufacturer that addresses these issues.
Intel would like to thank Jeremy Boone (@uffeux) for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.