Vulnerabilities > CVE-2022-26074 - Incomplete Cleanup vulnerability in Intel Server Platform Services Firmware

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

intel

CWE-459

NVD

Published: 2022-08-18

Updated: 2022-10-07

Summary

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Server Platform Services Firmware Sps_E3_04.01.04.700.0 Intel Server Platform Services Firmware 3.0.6.267.4 Intel Server Platform Services Firmware 4.0 Intel Server Platform Services Firmware 4.00.04.367 Intel Server Platform Services Firmware 4.00.04.382 Intel Server Platform Services Firmware 4.00.04.383 Intel Server Platform Services Firmware 4.01.00.152.0 Intel Server Platform Services Firmware 4.01.02.173 Intel Server Platform Services Firmware 4.01.02.174 Intel Server Platform Services Firmware 5.00.04.012 Intel Server Platform Services Firmware Sps_E3_04.01.00.000.0 Intel Server Platform Services Firmware Sps_E3_04.01.04.085.0 Intel Server Platform Services Firmware Sps_E3_04.01.04.086.0	13

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References