CVE-2022-29510 — HIGH (7.5)

Q: What is CVE-2022-29510?

CVE-2022-29510 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.

Q: How severe is CVE-2022-29510?

CVE-2022-29510 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29510?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Compute Module Hns2600Bp Firmware, Intel Compute Module Hns2600Bp, Intel Compute Module Hns2600Bpb Firmware, Intel Compute Module Hns2600Bpb, Intel Compute Module Hns2600Bpb24 Firmware.

Vulnerability Description

Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Intel	Compute Module Hns2600Bp Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bp	-
Intel	Compute Module Hns2600Bpb Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpb	-
Intel	Compute Module Hns2600Bpb24 Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpb24	-
Intel	Compute Module Hns2600Bpb24R Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpb24R	-
Intel	Compute Module Hns2600Bpblc Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpblc	-
Intel	Compute Module Hns2600Bpblc24 Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpblc24	-
Intel	Compute Module Hns2600Bpblc24R Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpblc24R	-
Intel	Compute Module Hns2600Bpblcr Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpblcr	-
Intel	Compute Module Hns2600Bpbr Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpbr	-
Intel	Compute Module Hns2600Bpbrct Firmware	< 02.01.0015
Intel	Compute Module Hns2600Bpbrct	-

Related Weaknesses (CWE)

CWE-119 CWE-92

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.Vendor Advisory

FAQ

What is CVE-2022-29510?

CVE-2022-29510 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.

How severe is CVE-2022-29510?

CVE-2022-29510 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29510?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Compute Module Hns2600Bp Firmware, Intel Compute Module Hns2600Bp, Intel Compute Module Hns2600Bpb Firmware, Intel Compute Module Hns2600Bpb, Intel Compute Module Hns2600Bpb24 Firmware.