Severity
Medium
Analysis Summary
CVE-2022-33894 CVSS:7.5
Intel Processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the BIOS firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-38087 CVSS:4.1
Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by exposure of resource to wrong sphere in BIOS firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-33894
- CVE-2022-38087
Affected Vendors
Intel
Affected Products
- Intel 8th Generation Core Processor Family
- Intel 7th Generation Core Processor Family
- Intel 10th Generation Core Processor Family
- Intel Xeon Processor E Family
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.