CVE-2022-36372

CVSS V2 None CVSS V3 None

Description

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Overview

CVE ID
CVE-2022-36372

Assigner
secure@intel.com

Vulnerability Status
Analyzed

Published Version
2023-08-11T03:15:13

Last Modified Date
2023-08-17T14:38:13

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:o:intel:nuc_8_compute_element_cm8i3cb4n_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_8_compute_element_cm8i3cb4n:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_8_compute_element_cm8i5cb8n_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_8_compute_element_cm8i5cb8n:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_8_compute_element_cm8i7cb8n_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_8_compute_element_cm8i7cb8n:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_8_compute_element_cm8ccb4r_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_8_compute_element_cm8ccb4r:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_8_compute_element_cm8pcb4r_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_8_compute_element_cm8pcb4r:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_kit_nuc8i3pnb_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_kit_nuc8i3pnb:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_kit_nuc8i3pnh_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_kit_nuc8i3pnh:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_kit_nuc8i3pnk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_kit_nuc8i3pnk:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_board_nuc8i3pnb_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_board_nuc8i3pnb:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_board_nuc8i3pnh_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_board_nuc8i3pnh:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_board_nuc8i3pnk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_board_nuc8i3pnk:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_rugged_kit_nuc8cchb_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_rugged_kit_nuc8cchb:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_rugged_kit_nuc8cchbn_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_rugged_kit_nuc8cchbn:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_rugged_kit_nuc8cchkrn_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_rugged_kit_nuc8cchkrn:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_rugged_kit_nuc8cchkr_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_rugged_kit_nuc8cchkr:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_compute_element_nuc9v7qnb_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_compute_element_nuc9v7qnb:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_compute_element_nuc9v7qnx_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_compute_element_nuc9v7qnx:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_compute_element_nuc9vxqnb_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_compute_element_nuc9vxqnb:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_pro_compute_element_nuc9vxqnx_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_pro_compute_element_nuc9vxqnx:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_business_nuc8i7hnkqc_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_business_nuc8i7hnkqc:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_business_nuc8i7hvkva_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_business_nuc8i7hvkva:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_business_nuc8i7hvkvaw_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_business_nuc8i7hvkvaw:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_business_nuc8i7hvk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_business_nuc8i7hvk:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_business_nuc8i7hnk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_business_nuc8i7hnk:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_enthusiast_nuc8i7hnkqc_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_enthusiast_nuc8i7hnkqc:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_enthusiast_nuc8i7hvkva_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_enthusiast_nuc8i7hvkva:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_enthusiast_nuc8i7hvkvaw_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_enthusiast_nuc8i7hvkvaw:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_enthusiast_nuc8i7hvk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_enthusiast_nuc8i7hvk:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_enthusiast_nuc8i7hnk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_enthusiast_nuc8i7hnk:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_kit_nuc8i7hnkqc_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_kit_nuc8i7hnkqc:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_kit_nuc8i7hvkva_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_kit_nuc8i7hvkva:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_kit_nuc8i7hvkvaw_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_kit_nuc8i7hvkvaw:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_kit_nuc8i7hvk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:::::::*	0	OR

References

Reference URL	Reference Tags
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html	Patch Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-36372
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36372

History

Created	Old Value	New Value	Data Type	Notes
2023-09-06 03:32:34				Added to TrackCVE
2023-09-06 03:32:36			Weakness Enumeration	new