Improper Buffer Restrictions in Intel NUC Boards and Kits
CVE-2022-26124

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Nuc Boards, Intel(r) Nuc 8 Boards, Intel(r) Nuc 8 Rugged Boards And Intel(r) Nuc 8 Rugged Kits
Vendor: CVE Published:; 11 November 2022

What is CVE-2022-26124?

The vulnerability involves improper buffer restrictions in the BIOS firmware of various Intel NUC product lines. This breach may permit a privileged user to escalate their privileges through local access, which poses risks to the integrity and confidentiality of system data. It is essential for users to update their BIOS firmware to at least version CHAPLCEL.0059 to mitigate this risk. For detailed information, refer to Intel's advisory.

Affected Version(s)

Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2022
Vulnerability Reserved
Mar 2, 2022