2022.3 IPU – BIOS Advisory

Summary:

Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-26006

Description: Improper input validation in the BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-21198

Description: Time-of-check time-of-use race condition in the BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.9 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Affected Products:

CVE-2022-26006

Product Collection

|

Vertical Segment

|

CPU ID

|

Platform ID

—|—|—|—

Intel® Xeon® Processor E5 v3 Family

|

Server

|

306F2

|

6F

Intel® Xeon® Processor E5 v4 Family,
Intel® Core™ X-Series Processors

|

Server

|

406F1

|

EF

1This product has met its End of Servicing Updates (ESU). For customers interested in extending updates beyond ESU, please contact your Intel representative for details.

_ _

CVE-2022-21198

Product Collection

|

Vertical Segment

|

CPU ID

|

Platform ID

—|—|—|—

11th Gen Intel® Core™ processor

Intel® Xeon® W processor

|

Server, Workstation

|

A0671

|

02

11th Gen Intel® Core™ processor family

|

Desktop

|

A0671

|

02

11th Generation Intel® Core Processor Family

|

Mobile

|

806D1

806C1

806C2

|

C2

80

12th Generation Intel® Core™ Processor Family

Intel® Pentium® Gold Processor Family

Intel® Celeron® Processor Family

|

Desktop

|

90672

90675

|

01

12th Generation Intel® Core Processor Family

|

Mobile

|

906A3
906A4

|

11

12th Generation Intel® Core™ Processor Family

Intel® Pentium® Gold Processor Family

Intel® Celeron® Processor Family

|

Mobile

|

906A4

|

07

10th Generation Intel® Core™ Processor Family

|

Mobile

|

706E5

|

80

Intel® Core™ Processors with Intel® Hybrid Technology

|

Mobile

|

806A1

|

10

Intel® Pentium® Silver N6000 Processor Family, Intel® Celeron® N4000 and N5000 Processor Families

|

Desktop,

Mobile

|

906C0

|

01

10th Generation Intel® Core™ Processors

|

Desktop,

Workstation

|

A0653

A0655

|

22

10th Generation Intel® Core™ Processors

Intel® Xeon® W processor family

|

Mobile,

Workstation

|

A0660

A0661

|

80

10th Generation Intel® Core™ Processor Family

Intel® Xeon® W processor family

|

Mobile,

Workstation

|

A0652

|

20

10th Gen Intel® Core™ processor

10000/1200 series

Pentium® Gold processor series

Celeron® processor 5000 series

|

Mobile

|

806EC

|

94

Recommendations:

Intel recommends that users of listed Intel® Processors update to the latest versions provided by the system manufacturer that addresses these issues.

Acknowledgements:

These issues were found internally by Intel employees.****

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.