2023.1 IPU - Intel® Atom® and Intel® Xeon® Scalable Processors Advisory

Summary:

A potential security vulnerability in some Intel® Atom® and Intel® Xeon® Scalable Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2022-21216

Description: Insufficient granularity of access control in out-of-band management in some Intel® Atom® and Intel® Xeon® Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

---

Affected Products:

Product Collection

|

Vertical Segment

|

CPU ID

—|—|—

3rd Generation Intel® Xeon® Scalable Processors

|

Server

|

606A6

Intel Atom® P59xx Processors

|

Edge & Network

|

80664, 80665

Intel Atom® P53xx Processors

|

Edge & Network

|

80664, 80665

Intel Atom® C53xx Processors

|

Edge & Network

|

80667

Recommendations:

Intel recommends that users of Intel® 3rd Generation Intel® Xeon® Scalable Processors and Intel® Atom update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

The following issue was found internally by Intel. Intel would like to thank Erik C. Bjorge, DCG Red Team.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.