Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2023-42429
Description: Improper buffer restrictions in some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2023-38587
Description: Improper input validation in some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2023-42766
Description: Improper input validation in some Intel® NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Product | Download Link | CVE ID |
---|---|---|
Intel® NUC 8 Compute Element: CM8v5CB, CM8v7CB | CBWHLMIV.103 | CVE-2023-42766 |
Intel® NUC 8 Home: NUC8i3BEHFA, NUC8i5BEHFA, NUC8i5BEKPA; Intel® NUC 8 Enthusiast: NUC8i7BEHGA, NUC8i7BEKQA; Intel® NUC Kit: NUC8i3BEH, NUC8i3BEK, NUC8i5BEH, NUC8i5BEK, NUC8i7BEH, NUC8i3BEHS, NUC8i5BEHS, NUC8i7BEK | BECFL357.0095 | CVE-2023-38587 |
Intel® NUC 7 Essential: NUC7CJYSAL, NUC7CJYSAMN; Intel® NUC Kit: NUC7CJYHN, NUC7CJYH, NUC7PJYHN, NUC7PJYH | JYGLKCPX.0071 | CVE-2023-42429 |
Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see provided table above).
After January 15th, 2024, please refer to the NUC transition page for updates to affected products.
Intel would like to thank Yngweijw and Eason for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.