Vulnerabilities > CVE-2023-22442 - Out-of-bounds Write vulnerability in Intel products

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

intel

CWE-787

NVD

Published: 2023-05-10

Updated: 2023-11-07

Summary

Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Server System D50Tnp1Mhcrlc Firmware - Intel Server System D50Tnp1Mhcpac Firmware - Intel Server System D50Tnp2Mhsvac Firmware - Intel Server System D50Tnp2Mhstac Firmware - Intel Server System D50Tnp1Mhcrac Firmware - Intel Server System D50Tnp2Mfalac Firmware - Intel Server System M50Cyp1Ur204 Firmware - Intel Server System M50Cyp1Ur212 Firmware - Intel Server System M50Cyp2Ur312 Firmware - Intel Server System M50Cyp2Ur208 Firmware -	10
Hardware	Intel Intel Server System D50Tnp1Mhcrlc - Intel Server System D50Tnp1Mhcpac - Intel Server System D50Tnp2Mhsvac - Intel Server System D50Tnp2Mhstac - Intel Server System D50Tnp1Mhcrac - Intel Server System D50Tnp2Mfalac - Intel Server System M50Cyp1Ur204 - Intel Server System M50Cyp1Ur212 - Intel Server System M50Cyp2Ur312 - Intel Server System M50Cyp2Ur208 -	10

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html