Arm DS for Intel® SoC FPGA Software Advisory

Summary:

Potential security vulnerabilities in some Arm Development Studio (DS) for Intel® System-on-a-Chip (SoC) FPGA software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-43702(Non-Intel issued)

Description: Improper access control in some Arm DS for Intel® SoC FPGA installation software before version 2022.2 may allow an authentication user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-43701(Non-Intel issued)

Description: Incorrect default permissions in some Arm DS for Intel® SoC FPGA installation software before version 2022.2 may allow an authentication user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-43703(Non-Intel issued)

Description: Uncontrolled search path element in some Arm DS for Intel® SoC FPGA installation software before version 2022.2 may allow an authentication user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

Arm DS for Intel® SoC FPGA software before version 2022.2.

Recommendation:

Intel recommends that users of Arm DS for Intel® SoC FPGA software update to 2022.2 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/software-kit/763613&gt;

Acknowledgements:

Intel would like to thank FalconCorruption for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.