CVSS: 7.5EPSS: 0%CPEs: 72EXPL: 0CVE-2022-29510
https://notcve.org/view.php?id=CVE-2022-29510
14 Nov 2023 — Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en Intel(R) Server Board M10JNP2SB BIOS firmware anteriores a la versión 7.219 pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.9EPSS: 0%CPEs: 66EXPL: 0CVE-2022-29262
https://notcve.org/view.php?id=CVE-2022-29262
14 Nov 2023 — Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en Intel(R) Server Board BIOS firmware pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters •
CVSS: 8.2EPSS: 0%CPEs: 66EXPL: 0CVE-2022-33945
https://notcve.org/view.php?id=CVE-2022-33945
14 Nov 2023 — Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. La validación de entrada incorrecta en Intel(R) Server Board y Intel(R) Server System BIOS firmware puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 66EXPL: 0CVE-2023-34431
https://notcve.org/view.php?id=CVE-2023-34431
14 Nov 2023 — Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access La validación de entrada incorrecta en Intel(R) Server Board BIOS firmware puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1CVE-2022-40262 – The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase.
https://notcve.org/view.php?id=CVE-2022-40262
20 Sep 2022 — A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098fae... • https://www.ami.com/security-center • CWE-123: Write-what-where Condition CWE-787: Out-of-bounds Write •