Potential security vulnerabilities in some Intel® Server Boards and Server Systems may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities
CVEID: CVE-2022-30542
Description: Improper input validation in the firmware for some Intel® Server Board S2600WF, Intel® Server System R1000WF and Intel® Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2021-0185
Description: Improper input validation in the firmware for some Intel® Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-25917
Description: Uncaught exception in the firmware for some Intel® Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H****
Intel recommends updating the firmware for the affected Intel® Server Boards and Server Systems to the latest version:
Intel® Server System R1000WF, R200WF and Intel® Server Board S2600WF Family updates are available here.
Intel® Server Board M50CYP Family updates are available here.
Intel® Server Board M10JNP Family updates are available here.
The following issues were found internally by Intel employees; CVE-2022-30542 and CVE-2022-25917. Intel would like to thank Jorge E. Gonzalez Diaz.
Intel would like to thank Dmitry Frolov (CVE-2021-0185) for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.