Potential security vulnerabilities in BIOS firmware for some Intel® Processors may allow escalation of privilege and information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2022-33894
Description: Improper input validation in the BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2022-38087
Description: Exposure of resource to wrong sphere in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 4.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

| Product Collection | Vertical Segment | CPU ID | Platform ID |
|---|---|---|---|
| 8th Generation Intel® Core™ Processor Family<br>9th Generation Intel® Core™ Processor Family | Mobile<br>Desktop | 906EA<br>906EB<br>906EC<br>906ED | 22 |
| Intel® Xeon® Processor E Family | Server, Workstation | 906EA<br>906ED | 22 |
| 8th Generation Intel® Core™ Processor Family | Mobile | 806EA | C0 |
| 8th Generation Intel® Core™ Processors | Mobile, Embedded | 806EC<br>806EB | D0<br>94 |
| 7th Generation Intel® Core™ Processor Family | Desktop | 906E9 | 2A |
| 7th Generation Intel® Core™ Processor Family | Mobile | 806E9<br>806EA | C0 |
| 8th Generation Intel® Core™ Processor Family<br>10th Generation Intel® Core™ Processor Family | Mobile | 806E9<br>806EC | 10<br>94 |
| 10th Generation Intel® Core™ Processor Family | Mobile<br>Desktop | A0652<br>A0653<br>A0655<br>A0660<br>A0661<br>806EC | 20<br>01<br>22<br>80<br>80<br>07 |

| Product Collection | Vertical Segment | CPU ID | Platform ID |
|---|---|---|---|
| 8th Generation Intel® Core™ Processor Family<br>10th Generation Intel® Core™ Processor Family | Mobile | 806E9<br>806EC | 10<br>94 |
| 8th Generation Intel® Core™ Processor Family | Mobile | 806EA | C0 |
| 7th Generation Intel® Core™ Processor Family | Mobile | 806E9 | C0 |
| 8th Generation Intel® Core™ Processor Family<br>9th Generation Intel® Core™ Processor Family | Mobile<br>Desktop | 906EA<br>906EB<br>906EC<br>906ED | 22 |
| Intel® Xeon® E Processor Family | Desktop,<br>Server,<br>Workstation | 906EA<br>906ED | 22 |
| Intel® Xeon® E processor Family<br>7th Generation Intel® Core™ Processor Family | Server<br>Desktop | 906E9 | 2A |
| Intel® Xeon® Scalable Processor Family | Server | 50654 | B7 |
| 8th Generation Intel® Core™ Processors | Mobile | 806EB<br>806EC | D0<br>94 |
| Intel® Xeon® Platinum P-8124, P-8136 processors,<br>Intel® Xeon® Scalable processor Family | Server | 50653<br>50654 | 97<br>B7 |
| Intel® Xeon® D Processor Family,<br>Intel® Xeon® W Processor Family | Server,<br>Desktop | 50654 | B7 |

Intel recommends that users of listed Intel® Processors update to the latest versions provided by the system manufacturer that address these issues.
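
To check a Linux host against the CPU ID columns above, the following added example (not part of Intel's advisory) rebuilds the CPUID signature from the family, model and stepping fields of `/proc/cpuinfo` and compares it with the CPU IDs listed in both tables. It assumes the Linux `/proc/cpuinfo` field names and does not read the Platform ID or the BIOS version, so a match means the processor is listed, not that the installed firmware is unpatched.

```python
import os

# CPU IDs (CPUID signatures, hex) copied from both tables in this advisory.
AFFECTED_CPU_IDS = {
    0x906E9, 0x906EA, 0x906EB, 0x906EC, 0x906ED,
    0x806E9, 0x806EA, 0x806EB, 0x806EC,
    0xA0652, 0xA0653, 0xA0655, 0xA0660, 0xA0661,
    0x50653, 0x50654,
}

def cpuid_signature(family, model, stepping):
    """Rebuild CPUID leaf 1 EAX from the display family/model Linux reports."""
    base_family = min(family, 0xF)
    ext_family = family - 0xF if family > 0xF else 0
    # The extended model field is only used for base family 6 and 15.
    ext_model = (model >> 4) if base_family in (0x6, 0xF) else 0
    return ((ext_family << 20) | (ext_model << 16) | (base_family << 8)
            | ((model & 0xF) << 4) | (stepping & 0xF))

def signatures_from_cpuinfo(text):
    """Return the CPUID signatures of all GenuineIntel CPUs in cpuinfo text."""
    sigs = set()
    for block in text.strip().split("\n\n"):  # one block per logical CPU
        parts = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, _, v in parts}
        if fields.get("vendor_id") != "GenuineIntel":
            continue
        try:
            sigs.add(cpuid_signature(int(fields["cpu family"]),
                                     int(fields["model"]),
                                     int(fields["stepping"])))
        except (KeyError, ValueError):
            continue  # incomplete block: skip rather than guess
    return sigs

def listed_cpu_ids(text):
    """CPU IDs found in cpuinfo text that appear in the advisory tables."""
    found = signatures_from_cpuinfo(text) & AFFECTED_CPU_IDS
    return sorted(f"{s:X}" for s in found)

# Constructed sample (not from a real host): family 6, model 158, stepping 10.
SAMPLE = ("processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
          "model\t\t: 158\nmodel name\t: constructed sample\nstepping\t: 10\n")

if __name__ == "__main__":
    path = "/proc/cpuinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    print(listed_cpu_ids(text) or "CPU ID not listed in this advisory")
```

A listed CPU ID is a prompt to compare the installed BIOS version with the system manufacturer's fixed release.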
Intel would like to thank Yngweijw (Jiawei Yin) (CVE-2022-33894) and the Binarly efiXplorer team (CVE-2022-38087) for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.