SB2023081547 - Multiple vulnerabilities in Intel BIOS firmware

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2022-37343)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions. A local user can execute arbitrary code with elevated privileges.

2) Input validation error (CVE-ID: CVE-2022-44611)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in the BIOS firmware. A remote attacker on the local network can send specially crafted input to the application and compromise the affected system.

3) Buffer overflow (CVE-ID: CVE-2022-27879)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary error within the BIOS firmware. A local user can trigger memory corruption and gain access to sensitive information.

4) Improper Initialization (CVE-ID: CVE-2022-38083)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization in the BIOS firmware. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.

5) Insufficient control flow management (CVE-ID: CVE-2022-43505)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control flow management in the BIOS firmware. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html