Filtered by vendor Intel
Subscribe
Total
1494 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40262 | 2 Ami, Intel | 3 Aptio V, Server Board M10jnp2sb, Server Board M10jnp2sb Firmware | 2022-09-26 | N/A | 8.2 HIGH |
| A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71 | |||||
| CVE-2022-40261 | 2 Ami, Intel | 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more | 2022-09-26 | N/A | 8.2 HIGH |
| An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: OverClockSmiHandler SHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c Module GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422 | |||||
| CVE-2022-40246 | 1 Intel | 4 Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware, Nuc M15 Laptop Kit Lapbc710 and 1 more | 2022-09-26 | N/A | 7.2 HIGH |
| A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: SbPei SHA256: d827182e5f9b7a9ff0b9d3e232f7cfac43b5237e2681e11f005be627a49283a9 Module GUID: c1fbd624-27ea-40d1-aa48-94c3dc5c7e0d | |||||
| CVE-2022-26873 | 2 Ami, Intel | 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more | 2022-09-26 | N/A | 8.2 HIGH |
| A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: PlatformInitAdvancedPreMem SHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b Module GUID: EEEE611D-F78F-4FB9-B868-55907F169280 This issue affects: AMI Aptio 5.x. | |||||
| CVE-2022-40250 | 2 Ami, Intel | 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more | 2022-09-24 | N/A | 8.8 HIGH |
| An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: SmmSmbiosElog SHA256: 3a8acb4f9bddccb19ec3b22b22ad97963711550f76b27b606461cd5073a93b59 Module GUID: 8e61fd6b-7a8b-404f-b83f-aa90a47cabdf This issue affects: AMI Aptio 5.x. This issue affects: AMI Aptio 5.x. | |||||
| CVE-2021-33076 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2022-09-22 | N/A | 6.8 MEDIUM |
| Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2020-26140 | 5 Alfa, Arista, Cisco and 2 more | 388 Awus036h, Awus036h Firmware, C-100 and 385 more | 2022-09-03 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. | |||||
| CVE-2022-21793 | 2 Intel, Vmware | 10 82599 10 Gigabit Ethernet Controller, Ethernet Controller X540, Ethernet Controller X550 and 7 more | 2022-08-26 | N/A | 5.5 MEDIUM |
| Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2021-33126 | 1 Intel | 14 Ethernet Controller V710, Ethernet Controller V710 Firmware, Ethernet Controller X710 and 11 more | 2022-08-26 | N/A | 4.4 MEDIUM |
| Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-34488 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 7.8 HIGH |
| Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34345 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 6.2 MEDIUM |
| Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-33209 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 7.8 HIGH |
| Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-32579 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 7.2 HIGH |
| Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-28858 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 7.8 HIGH |
| Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-27493 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 7.8 HIGH |
| Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-26257 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2022-08-24 | N/A | 5.5 MEDIUM |
| Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-23179 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2022-08-24 | N/A | 7.1 HIGH |
| Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21807 | 1 Intel | 1 Vtune Profiler | 2022-08-22 | N/A | 7.8 HIGH |
| Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26344 | 1 Intel | 1 Single Event Api | 2022-08-22 | N/A | 7.8 HIGH |
| Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-28696 | 1 Intel | 1 Distribution For Python | 2022-08-22 | N/A | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||