Memory Management Flaw in Intel SPS Firmware
CVE-2022-29515

5.5MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Sps
Vendor: CVE Published:; 11 November 2022

What is CVE-2022-29515?

A vulnerability exists in the Intel SPS firmware where memory is not properly released after its effective lifetime. This flaw permits a privileged local user to potentially trigger a denial of service condition. The issue is applicable to firmware versions prior to SPS_E3_06.00.03.035.0, leading to concerns over system stability and availability due to improper memory handling. Remediation efforts should focus on updating to the latest firmware version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Intel(R) SPS before versions SPS_E3_06.00.03.035.0

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2022
Vulnerability Reserved
May 11, 2022