Vulnerabilities > CVE-2022-29515 - Memory Leak vulnerability in Intel Server Platform Services Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

intel

CWE-401

NVD

Published: 2022-11-11

Updated: 2022-11-17

Summary

Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Server Platform Services Firmware 3.0.6.267.4 Intel Server Platform Services Firmware 4.0 Intel Server Platform Services Firmware 4.00.04.367 Intel Server Platform Services Firmware 4.00.04.382 Intel Server Platform Services Firmware 4.00.04.383 Intel Server Platform Services Firmware 4.01.00.152.0 Intel Server Platform Services Firmware 4.01.02.173 Intel Server Platform Services Firmware 4.01.02.174 Intel Server Platform Services Firmware 5.00.04.012 Intel Server Platform Services Firmware Sps_E3_04.01.00.000.0 Intel Server Platform Services Firmware Sps_E3_04.01.04.085.0 Intel Server Platform Services Firmware Sps_E3_04.01.04.086.0 Intel Server Platform Services Firmware Sps_E3_04.01.04.700.0 Intel Server Platform Services Firmware Sps_E3_05.00.04.027.0	14

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html