CVE-2022-38099

Summary

CVE	CVE-2022-38099
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-11 16:15:00 UTC
Updated	2023-08-08 14:21:00 UTC
Description	Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Intel	Nuc11dbbi7	-	All	All	All
Operating System	Intel	Nuc11dbbi7 Firmware	All	All	All	All
Hardware	Intel	Nuc11dbbi9	-	All	All	All
Operating System	Intel	Nuc11dbbi9 Firmware	All	All	All	All
Hardware	Intel	Nuc 11 Compute Element Cm11ebc4w	-	All	All	All
Operating System	Intel	Nuc 11 Compute Element Cm11ebc4w Firmware	All	All	All	All
Hardware	Intel	Nuc 11 Compute Element Cm11ebi38w	-	All	All	All
Operating System	Intel	Nuc 11 Compute Element Cm11ebi38w Firmware	All	All	All	All
Hardware	Intel	Nuc 11 Compute Element Cm11ebi58w	-	All	All	All
Operating System	Intel	Nuc 11 Compute Element Cm11ebi58w Firmware	All	All	All	All
Hardware	Intel	Nuc 11 Compute Element Cm11ebi716w	-	All	All	All
Operating System	Intel	Nuc 11 Compute Element Cm11ebi716w Firmware	All	All	All	All
Hardware	Intel	Nuc 11 Compute Element Cm11ebv58w	-	All	All	All
Operating System	Intel	Nuc 11 Compute Element Cm11ebv58w Firmware	All	All	All	All
Hardware	Intel	Nuc 11 Compute Element Cm11ebv716w	-	All	All	All
Operating System	Intel	Nuc 11 Compute Element Cm11ebv716w Firmware	All	All	All	All

References

Reference	Source	Link	Tags
INTEL-SA-00752	MISC	www.intel.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.