CVE-2022-29262 — HIGH (7.9)

Q: What is CVE-2022-29262?

CVE-2022-29262 is a vulnerability with a CVSS score of 7.9 (HIGH). Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Q: How severe is CVE-2022-29262?

CVE-2022-29262 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29262?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Server Board M70Klp2Sb Firmware, Intel Server Board M70Klp2Sb, Intel Server System M70Klp4S2Uhh Firmware, Intel Server System M70Klp4S2Uhh, Intel Server Board M20Ntp2Sb Firmware.

Vulnerability Description

Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Score

7.9

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Intel	Server Board M70Klp2Sb Firmware	< 01.04.0022
Intel	Server Board M70Klp2Sb	-
Intel	Server System M70Klp4S2Uhh Firmware	< 01.04.0022
Intel	Server System M70Klp4S2Uhh	-
Intel	Server Board M20Ntp2Sb Firmware	< 0022.d02
Intel	Server Board M20Ntp2Sb	-
Intel	Server System M20Ntp1Ur304 Firmware	< 0022.d02
Intel	Server System M20Ntp1Ur304	-
Intel	Server Board M10Jnp2Sb Firmware	< 7.219
Intel	Server Board M10Jnp2Sb	-
Intel	Server Board S2600Bpbr Firmware	< 02.01.0015
Intel	Server Board S2600Bpbr	-
Intel	Server Board S2600Bps Firmware	< 02.01.0015
Intel	Server Board S2600Bps	-
Intel	Server Board S2600Bpsr Firmware	< 02.01.0015
Intel	Server Board S2600Bpsr	-
Intel	Server Board S2600Bpqr Firmware	< 02.01.0015
Intel	Server Board S2600Bpqr	-
Intel	Server Board S2600Bpb Firmware	< 02.01.0015
Intel	Server Board S2600Bpb	-

Related Weaknesses (CWE)

CWE-92

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.PatchVendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.PatchVendor Advisory

FAQ

What is CVE-2022-29262?

CVE-2022-29262 is a vulnerability with a CVSS score of 7.9 (HIGH). Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

How severe is CVE-2022-29262?

CVE-2022-29262 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29262?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Server Board M70Klp2Sb Firmware, Intel Server Board M70Klp2Sb, Intel Server System M70Klp4S2Uhh Firmware, Intel Server System M70Klp4S2Uhh, Intel Server Board M20Ntp2Sb Firmware.