The latest security information on Intel® products.

2023.3 IPU - BIOS Advisory

Intel ID: INTEL-SA-00813
Advisory Category: Firmware
Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
Severity rating: HIGH
Original release: 08/08/2023
Last revised: 08/08/2023
View all Show less

Summary: 

Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-37343

Description: Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

 

CVEID: CVE-2022-44611

Description: Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 6.9 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L

 

CVEID: CVE-2022-38083

Description: Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

 

CVEID: CVE-2022-27879

Description: Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

 

CVEID: CVE-2022-43505

Description: Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 4.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products:

CVE-2022-37343

Product Collection

Vertical Segment

CPU ID

Platform ID

Intel Atom® processor C3000 series

Server

506F1

01

Intel® Xeon® D Processor

Server

606C1

01

Intel Atom® processor P5000 series

Server

80665
80667

01

 

CVE-2022-44611

Product Collection

Vertical Segment

CPU ID

Platform ID

Intel® Xeon® E Processor Family

Server

 906EA
906ED

22

11th Gen Intel® Core™ Processor Family

Desktop,
Mobile

806C1
806C2
806D1

C2

80

10th Gen Intel® Core™ Processor Family

 Desktop,
Mobile

706E5

80

10th Gen Intel® Core™ Processor Family

 Desktop,
Mobile		 A0652
A0653
A0655
A0660
A0661
806EC		 20
01
22
80
80
07
11th Gen Intel® Core™ Processor Family,
Intel® Xeon® W processor 1300 series		 Desktop,
Mobile

A0671

A0653

01
9th Gen Intel® Core™ Processor Family,
8th Gen Intel® Core™ Processor Family		 Desktop,
Mobile

906EA
906EB
906EC
906ED
806EA

22
C0

8th Generation Intel® Core™ Processors

 Mobile,
Embedded

806EB

806EC

D0

94
Intel® Celeron® J6413, N6211.
Intel® Pentium® J6425, N6415.
Intel® Atom® x6211E, x6413E, x6425E,
x6212RE, x6414RE, x6425RE, x6427FE, x6200FE.

Embedded

90661

C2

 

CVE-2022-27879

Product Collection

Vertical Segment

CPU ID

Platform ID
Intel® Pentium® Processor J Series,
Intel® Pentium® Processor N Series,
Intel® Celeron® Processor J Series,
Intel® Celeron® Processor N Series,
Intel® Atom® Processor A Series,
Intel® Atom® Processor E3900 Series

Desktop,
Mobile,
Embedded

506C9
506CA

03
Intel® Pentium® Processor Silver Series,
Intel® Celeron® Processor J Series,
Intel® Celeron® Processor N Series

Desktop,

Mobile

706A1
706A8

01

 

CVE-2022-38083

Product Collection

Vertical Segment

CPU ID

Platform ID

Intel® Xeon® Processor E7 v4 Family

Server

406F1

EF
Intel® Xeon® Processor E5 v4 Family,
Intel® Core™ X-series Processors

Server

406F1

EF

Intel® Xeon® Processor E7 v3 Family

Server

306F4

B0

Intel® Xeon® Processor E5 v3 Family

Server

306F2

6F

Intel® Xeon® Processor D Family

Server

50665

10

Intel® Xeon® Processor D Family

Server

50663

10

Intel® Xeon® Processor D Family

Server

50664

10

Intel® Xeon® D-1633N Processor

Server

50665

10

 

CVE-2022-43505

Product Collection

Vertical Segment

CPU ID

Platform ID
Intel® Pentium® Processor J Series,
Intel® Pentium® Processor N Series,
Intel® Celeron® Processor J Series,
Intel® Celeron® Processor N Series,
Intel® Atom® Processor A Series,
Intel® Atom® Processor E3900 Series

Desktop,
Mobile

506C9

03
Intel® Pentium® Processor J Series,
Intel® Pentium® Processor N Series,
Intel® Celeron® Processor J Series,
Intel® Celeron® Processor N Series,
Intel® Atom® Processor A Series,
Intel® Atom® Processor E3900 Series

Embedded

506C9

03
Intel® Pentium® Processor J Series,
Intel® Pentium® Processor N Series,
Intel® Celeron® Processor J Series,
Intel® Celeron® Processor N Series,
Intel® Atom® Processor A Series,
Intel® Atom® Processor E3900 Series

Embedded

506CA

03

3rd Generation Intel® Xeon® Scalable Processor Family

Server

5065B

BF

Intel® Denverton Atom® Processor C3XXX

Server

506F1

 01

Intel® Xeon® Processor D Family

Server

50665

10

Intel® Xeon® Processor D Family

Server

50663

10

Intel® Xeon® D-1633N Processor

Server

50665

10

Intel® Xeon® Processor E3 v6 Family

 Server,
Workstation,
AMT Server

906E9

2A

10th Generation Intel® Core™ Processor Family

Desktop,
Mobile,
Embedded

A0652
A0653
A0655
A0660
A0661
806EC

 20
01
22
02
80
94

Intel® Core™ Processors with Intel® Hybrid Technology

Mobile

806A1

10

Intel® Xeon® Processor E7 v4 Family

Server

406F1

EF

Intel® Xeon® Processor E7 v3 Family

Server

306F4

80

10th Generation Intel® Core™ Processor Family

Server

606A6

80

Intel® Xeon® Processor W Family

Workstation

50657

BF

2nd Generation Intel® Xeon® Scalable Processors

Server

50657

BF

Intel® Xeon® Scalable Processors

Server

50653
50654

97
BF

Intel® Xeon® Processor D Family

Server

50654

B7
Intel® Xeon® Processor E5 v4 Family,
Intel® Core™ X-series Processors

Server

406F1

EF

Intel® Xeon® Processor E5 v3 Family

Server

306F2

6F
Intel® Pentium® Processor Silver Series,
Intel® Celeron® Processor J Series,
Intel® Celeron® Processor N Series		 Desktop,
Mobile,
Embedded

706A1
706A8

01

8th Generation Intel® Core™ Processor Family,
10th Generation Intel® Core™ Processor Family

Mobile

806E9
806EC

10
94

8th Generation Intel® Core™ Processors

 Mobile,
Embedded		 806EB
806EC		 D0
94
8th Generation Intel® Core™ Processor Family,
7th Generation Intel® Core™ Processor Family,
Intel® Core™ X-series Processors		 Desktop,
Mobile,
Embedded		 906E9
806EA
806E9

2A

C0
Intel® Xeon® Processor W Family,
Intel® Core™ X-series Processors		 Desktop,
Workstation

50654

B7

Intel® Core™ X-series Processors

Desktop

50657

B7
8th Generation Intel® Core™ Processor Family,
Intel® Pentium® Gold Processor Series,
Intel® Celeron® Processor G Series

Desktop

906EB

02

8th Generation Intel® Core™ Processor Family

Desktop

906EA

22

9th Generation Intel® Core™ Processor Family

Desktop

906ED

22

 

Recommendations:

Intel recommends that users of listed Intel® Processors update to the latest versions provided by the system manufacturer that addresses these issues.

Acknowledgements:

The following issues were found by external researchers. Intel would like to thank Yngweijw (Jiawei Yin) (CVE-2022-27879, CVE-2022-38083) and Jeremy Boone (@uffeux) (CVE-2022-44611) for reporting these issues.

CVE-2022-43505 was found separately by external researchers and Intel employees. Intel would like to thank Sergiu Ghetie, the CEO of Cloud Tank Inc., for the discovery of the original security vulnerability, disclosure and proposed mitigation. Intel would like to thank Benoit Morgan, Alyssa Milburn, Ke Sun, and Yuval Herman.

CVE-2022-37343 was found internally by Intel employees. Intel would like to thank Nicholas Lee Morgan (CVE-2022-37343).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 08/08/2023 Initial Release
View all Show less

Legal Notices and Disclaimers

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

Report a Vulnerability

If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

Need product support?

If you...

  • Have questions about the security features of an Intel product
  • Require technical support
  • Want product updates or patches


Please visit Support & Downloads.