CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40196
https://notcve.org/view.php?id=CVE-2022-40196
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html •
CVSS: 8.8EPSS: 0%CPEs: 82EXPL: 0CVE-2022-29277
https://notcve.org/view.php?id=CVE-2022-29277
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060 Las comprobaciones incorrectas del puntero dentro del controlador FwBlockServiceSmm pueden permitir modificaciones arbitrarias de la RAM. Durante la revisión del controlador FwBlockServiceSmm, se podría engañar a ciertas instancias de SpiAccessLib para que escriban 0xff en direcciones SMRAM y del sistema arbitrarias. Solucionado en: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S) : Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S : Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: No afectado Apollo Lake: No afectado Elkhart Lake: 05.44.30.0018 AMD ROMA: Trunk MILAN: 05.36.10.0017 GÉNOVA: 05.52.25.0006 Nival: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.2 6.0016 Hygon #3: 05.44. 26.0007 https://www.insyde.com/security-pledge/SA-2022060 • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022060 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26028
https://notcve.org/view.php?id=CVE-2022-26028
Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Ruta de búsqueda no controlada en el software Intel(R) VTune(TM) Profiler anterior a la versión 2022.2.0 puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00676.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33064
https://notcve.org/view.php?id=CVE-2021-33064
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. La ruta de búsqueda no controlada en el instalador de software de Intel(R) System Studio para todas las versiones puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00558.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0CVE-2022-28667
https://notcve.org/view.php?id=CVE-2022-28667
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. La escritura fuera de los límites para algunos software Intel(R) PROSet/Wireless WiFi anteriores a la versión 22.140 puede permitir que un usuario no autenticado habilite potencialmente la Denegación de Servicio (DoS) a través del acceso adyacente. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00687.html • CWE-787: Out-of-bounds Write •