Vulnerability Description
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
6.7
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Lapbc510 Firmware | < bctgl357.0065 |
| Intel | Lapbc510 | - |
| Intel | Lapbc710 Firmware | < bctgl357.0065 |
| Intel | Lapbc710 | - |
| Intel | Lapkc71F Firmware | < kctgl357.0040 |
| Intel | Lapkc71F | - |
| Intel | Lapkc71E Firmware | < kctgl357.0040 |
| Intel | Lapkc71E | - |
| Intel | Lapkc51E Firmware | < kctgl357.0040 |
| Intel | Lapkc51E | - |
| Intel | Nuc11Dbbi9 Firmware | < dbtgl579.0055 |
| Intel | Nuc11Dbbi9 | - |
| Intel | Nuc11Dbbi7 Firmware | < dbtgl579.0055 |
| Intel | Nuc11Dbbi7 | - |
| Intel | Nuc11Btmi7 Firmware | < dbtgl579.0055 |
| Intel | Nuc11Btmi7 | - |
| Intel | Nuc11Btmi9 Firmware | < dbtgl579.0055 |
| Intel | Nuc11Btmi9 | - |
| Intel | Nuc 11 Compute Element Cm11Ebc4W Firmware | < ebtgl357.0057 |
| Intel | Nuc 11 Compute Element Cm11Ebc4W | - |
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.PatchVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.PatchVendor Advisory
FAQ
What is CVE-2022-24297?
CVE-2022-24297 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
How severe is CVE-2022-24297?
CVE-2022-24297 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24297?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Lapbc510 Firmware, Intel Lapbc510, Intel Lapbc710 Firmware, Intel Lapbc710, Intel Lapkc71F Firmware.