The latest security information on Intel® products.

Intel® NUC Laptop Kit Advisory

Intel ID: INTEL-SA-00712
Advisory Category: Firmware
Impact of vulnerability: Escalation of Privilege
Severity rating: HIGH
Original release: 08/09/2022
Last revised: 07/07/2023
View all Show less

Summary: 

Potential security vulnerabilities in some Intel® NUC Laptop Kits may allow escalation of privilege.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-28858

Description: Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

 

CVEID: CVE-2022-33209

Description: Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

 

CVEID: CVE-2022-27493

Description: Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

 

CVEID: CVE-2022-34488

Description: Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

 

CVEID: CVE-2022-32579

Description: Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.9 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

 

CVEID: CVE-2022-34345

Description: Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.9 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

Product

Download Link

CVE ID

Intel® NUC Rugged Kit: NUC8CCHB, NUC8CCHBN, NUC8CCHKRN, NUC8CCHKR.

CHAPLCEL

CVE-2022-33209
CVE-2022-34488

Intel® NUC Laptop Kit:
LAPKC51E, LAPKC71E
LAPKC71F.

KCTGL357

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC 11 Performance Kit, Intel NUC 11 Performance Mini PC:

NUC11PAHi3, NUC11PAHi30Z, NUC11PAKi3.

NUC11PAHi5, NUC11PAHi50Z, NUC11PAKi5, NUC11PAQi50WA.

NUC11PAHi7, NUC11PAHi70Z, NUC11PAKi7, NUC11PAQi70QA.

PATGL357

CVE-2022-33209

Intel® NUC Pro Compute Element:
NUC9V7QNB, NUC9V7QNX,
NUC9VXQNB, NUC9VXQNX.

QNCFLX70

CVE-2022-33209
CVE-2022-34488

Intel® NUC 8 Compute Element:
CM8i3CB4N, CM8i5CB8N,
CM8i7CB8N, CM8CCB4R,
CM8PCB4R.

CBWHL357

CVE-2022-33209
CVE-2022-34345
CVE-2022-34488

Intel® NUC:
NUC11PHKi7C, NUC11PHKi7CAA.

PHTGL579

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Extreme Compute Element:
NUC11BTMi7, NUC11DBBi7,
NUC11BTMi9, NUC11DBBi9.

DBTGL579

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Laptop Kit:
LAPRC510, LAPRC710.

RCADL357

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Laptop Kit:
LAPBC510, LAPBC710.

BCTGL357

CVE-2022-33209
CVE-2022-27493
CVE-2022-28858
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Performance Kit
Intel® NUC Performance Mini PC:
NUC10i3FNH, NUC10i3FNHF, NUC10i3FNHFA, NUC10i3FNHJA, NUC10i3FNHN, NUC10i3FNK,
NUC10i3FNKN.

NUC10i5FNH, NUC10i5FNHCA, NUC10i5FNHF, NUC10i5FNHJA, NUC10i5FNHJ, NUC10i5FNHN,
NUC10i5FNK, NUC10i5FNKN, NUC10i5FNKPA, NUC10i5FNKP.

NUC10i7FNH, NUC10i7FNHAA, NUC10i7FNHC, NUC10i7FNHJA, NUC10i7FNHN, NUC10i7FNK,
NUC10i7FNKN, NUC10i7FNKP, NUC10i7FNKPA.

 

FNCML357

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Extreme, Intel® NUC 12 Extreme Compute Element:

NUC12DCMi7, NUC12EDBi7, NUC12DCMi9, NUC12EDBi9.

EDADL579

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC 12 Compute Element:
ELM12HBi3
ELM12HBi5
ELM12HBi7
ELM12HBC

HBADL357

CVE-2022-33209
CVE-2022-32579
CVE-2022-34488

Intel® NUC Enthusiast:
NUC12SNKi72, NUC12SNKi72VA

SNADL357

CVE-2022-33209

Intel® NUC 11 Compute Element:
CM11EBi38W
CM11EBi58W
CM11EBi716W
CM11EBC4W

EBTGL357

CVE-2022-33209
CVE-2022-32579
CVE-2022-34488

Intel® NUC Pro Kit, Intel NUC Pro Board:
NUC8i3PNB, NUC8i3PNH
NUC8i3PNK

PNWHL357

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Pro Board, Intel® NUC Pro Kit:
NUC12WSBi3, NUC12WSBi30Z, NUC12WSHi3, NUC12WSHi30L, NUC12WSHi30Z, NUC12WSKi3,
NUC12WSKi30Z.

NUC12WSBi5, NUC12WSBi50Z, NUC12WSHi5, NUC12WSHi50Z, NUC12WSKi5, NUC12WSKi50Z,

NUC12WSBi70Z, NUC12WSHi7, NUC12WSHi70Z, NUC12WSKi7, NUC12WSKi70Z.

 

WSADL357

CVE-2022-33209
CVE-2022-34345
CVE-2022-34488

Intel® NUC Boards:
NUC11TNBi3, NUC11TNBi30Z, NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi30Z,
NUC11TNKi3, NUC11TNKi30Z.

NUC11TNBi5, NUC11TNBi50Z, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi50Z,
NUC11TNKi5, NUC11TNKi50Z.

NUC11TNBi7, NUC11TNBi70Z, NUC11TNHi7, NUC11TNHi70L, NUC11TNHi70Q, NUC11TNHi70Z,
NUC11TNKi7, NUC11TNKi70Z.

 

TNTGL357

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Pro Kit, Intel® NUC Pro Board, Intel® NUC Pro Mini PC
NUC11TNKv50Z, NUC11TNHv70L, NUC11TNHv50L, NUC11TNKv5.

NUC11TNKv7, NUC11TNHv7, NUC11TNBv7, NUC11TNKv7.
NUC11TNBv5, NUC11TNKv5, NUC11TNHv5.

 

TNTGLV57

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Essential:
NUC11ATBC4, NUC11ATKC2, NUC11ATKC2, NUC11ATKC4, NUC11ATKPE.

ATJSLCPX

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Laptop Kits:
LAPAC71H, LAPAC71G.

ACADL357

CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC 13 Extreme Kit: NUC13RNGi5, NUC13RNGi7, NUC13RNGi9.

Intel® NUC 13 Extreme Compute Element:
NUC13SBBi5, NUC13SBBi7, NUC13SBBi9.

SBRPL579

CVE-2022-34345

Intel® NUC Kit, Intel® NUC Mini PC
NUC8i7INH, NUC8i5INH
NUC8i7INH, NUC8i5INH

INWHL357

CVE-2022-34488

Recommendations:

Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see provided table above).

We encourage customers to guard against unauthorized access to their systems.

Acknowledgements:

Intel would like to thank the Binarly efiXplorer team for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 08/09/2022 Initial Release
1.1 07/07/2023 Updated affected products table to include additional impacted products. Updated recommendations.
View all Show less

Legal Notices and Disclaimers

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

Report a Vulnerability

If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

Need product support?

If you...

  • Have questions about the security features of an Intel product
  • Require technical support
  • Want product updates or patches


Please visit Support & Downloads.