Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2022-34301(Non-Intel issued)
Description: Download of Code Without Integrity Check in some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2022-34303(Non-Intel issued)
Description: Download of Code Without Integrity Check in some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2022-34302(Non-Intel issued)
Description: Download of Code Without Integrity Check in some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2023-40220
Description: Improper buffer restrictions in some Intel® NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
CVEID: CVE-2023-40540
Description: Non-Transparent Sharing of Microarchitectural Resources in some Intel® NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 4.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Product
|
Download Link
|
CVE ID
—|—|—
Intel® NUC Performance Kit and Mini PC:
NUC10i3FNH, NUC10i3FNHF, NUC10i3FNHFA, NUC10i3FNHJA, NUC10i3FNHN, NUC10i3FNK, NUC10i3FNKN.
NUC10i5FNH, NUC10i5FNHCA, NUC10i5FNHF, NUC10i5FNHJA, NUC10i5FNHJ, NUC10i5FNHN, NUC10i5FNK, NUC10i5FNKN, NUC10i5FNKPA, NUC10i5FNKP.
NUC10i7FNH, NUC10i7FNHAA, NUC10i7FNHC, NUC10i7FNHJA, NUC10i7FNHN, NUC10i7FNK, NUC10i7FNKN, NUC10i7FNKP, NUC10i7FNKPA.
|
|
Intel® NUC 8 Compute Element:
CM8i3CB4N, CM8i5CB8N, CM8i7CB8N, CM8CCB4R, CM8PCB4R.
|
|
CVE-2022-34301 CVE-2022-34302
CVE-2022-34303
Intel® NUC Pro Kit, Intel NUC Pro Board: NUC8i3PNB, NUC8i3PNH, NUC8i3PNK.
|
|
Intel® NUC 11 Performance Kit, Intel NUC 11 Performance Mini PC:
NUC11PAHi3, NUC11PAHi30Z, NUC11PAKi3, NUC11PAHi5, NUC11PAHi50Z, NUC11PAKi5, NUC11PAQi50WA, NUC11PAHi7, NUC11PAHi70Z, NUC11PAKi7, NUC11PAQi70QA.
|
|
CVE-2023-40540
CVE-2022-34301
CVE-2022-34302
CVE-2022-34303
Intel® NUC Pro Board, Intel® NUC Pro Kit:
NUC12WSBi3, NUC12WSBi30Z, NUC12WSHi3, NUC12WSHi30L, NUC12WSHi30Z, NUC12WSKi3, NUC12WSKi30Z.
NUC12WSBi5, NUC12WSBi50Z, NUC12WSHi5, NUC12WSHi50Z, NUC12WSKi5, NUC12WSKi50Z.
NUC12WSBi70Z, NUC12WSHi7, NUC12WSHi70Z, NUC12WSKi7, NUC12WSKi70Z.
|
|
Intel® NUC Enthusiast:
NUC12SNKi72, NUC12SNKi72VA.
|
|
Intel® NUC Essential:
NUC11ATBC4, NUC11ATKC2, NUC11ATKC2, NUC11ATKC4, NUC11ATKPE.
|
|
Intel® NUC Laptop Kit: LAPBC510, LAPBC710.
|
|
Intel® NUC Laptop Kit: LAPKC51E, LAPKC71E, LAPKC71F.
|
|
CVE-2023-40540
CVE-2022-34301
CVE-2022-34302
CVE-2022-34303
Intel® NUC Extreme Compute Element:
NUC11BTMi7, NUC11DBBi7, NUC11BTMi9, NUC11DBBi9.
|
|
CVE-2022-34301
CVE-2022-34302
CVE-2022-34303
Intel® NUC Boards:
NUC11TNBi3, NUC11TNBi30Z, NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi30Z, NUC11TNKi3, NUC11TNKi30Z.
NUC11TNBi5, NUC11TNBi50Z, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi50Z, NUC11TNKi5, NUC11TNKi50Z.
NUC11TNBi7, NUC11TNBi70Z, NUC11TNHi7, NUC11TNHi70L,
NUC11TNHi70Q, NUC11TNHi70Z, NUC11TNKi7, NUC11TNKi70Z.
|
|
CVE-2023-40540
CVE-2022-34301
CVE-2022-34302
CVE-2022-34303
Intel® NUC: NUC11PHKi7C, NUC11PHKi7CAA.
|
|
Intel® NUC Pro Compute Element:
NUC9V7QNB, NUC9V7QNX, NUC9VXQNB, NUC9VXQNX.
|
|
Intel® NUC 9 Extreme Laptop Kit:
LAPQC71B, LAPQC71D, LAPQC71C, LAPQC71A.
|
QCCFL357
|
Intel® NUC Rugged Kit:
NUC8CCHB, NUC8CCHBN, NUC8CCHKRN, NUC8CCHKR.
|
|
Intel® NUC Pro Kit, Intel® NUC Pro Board, Intel® NUC Pro Mini PC:
NUC11TNKv50Z, NUC11TNHv70L, NUC11TNHv50L, NUC11TNKv5, NUC11TNKv7, NUC11TNHv5, NUC11TNHv7, NUC11TNBv7, NUC11TNBv5, NUC11TNKv5, NUC11TNKv7.
|
|
CVE-2022-34301
CVE-2023-40540
CVE-2022-34303
Intel® NUC Kit: NUC6CAYH, NUC6CAYS.
|
|
Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see provided table above).
Intel would like to thank Mickey Shkatov, Jesse Michael of Eclypsium (CVE-2022-34301, CVE-2022-34303, CVE-2022-34302), Yngweijw (Jiawei Yin) (CVE-2023-40220) and the Binarly efiXplorer team (CVE-2023-40540) for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.