CVE-2022-29510
https://notcve.org/view.php?id=CVE-2022-29510
Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en Intel(R) Server Board M10JNP2SB BIOS firmware anteriores a la versión 7.219 pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2022-29262
https://notcve.org/view.php?id=CVE-2022-29262
Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en Intel(R) Server Board BIOS firmware pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters •
CVE-2022-33945
https://notcve.org/view.php?id=CVE-2022-33945
Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. La validación de entrada incorrecta en Intel(R) Server Board y Intel(R) Server System BIOS firmware puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-20: Improper Input Validation •
CVE-2023-34431
https://notcve.org/view.php?id=CVE-2023-34431
Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access La validación de entrada incorrecta en Intel(R) Server Board BIOS firmware puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-20: Improper Input Validation •
CVE-2022-40262 – The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase.
https://notcve.org/view.php?id=CVE-2022-40262
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71 Un atacante potencial puede ejecutar un código arbitrario en el momento de la fase PEI e influir en las etapas de arranque posteriores. Esto puede conllevar a una omisión de mitigaciones, revelación del contenido de la memoria física, detección de cualquier secreto de cualquier Máquina Virtual (VM) y omisión del aislamiento de la memoria y de los límites informáticos confidenciales. • https://www.ami.com/security-center https://www.binarly.io/advisories/BRLY-2022-009 • CWE-123: Write-what-where Condition CWE-787: Out-of-bounds Write •