CVE-2022-21198
Description
Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A TOCTOU race condition in Intel processor BIOS firmware allows a privileged local attacker to escalate privileges.
Vulnerability
A time-of-check time-of-use (TOCTOU) race condition exists in the BIOS firmware for some Intel(R) processors [1]. This vulnerability, identified as CVE-2022-21198, affects certain Intel processor models and their associated BIOS firmware versions [1]. A TOCTOU race arises when the firmware checks a condition at one point in time but uses the result of that check at a later point, which allows an attacker to change the condition between the check and the use [1].
Exploitation
An attacker must have privileged access to the target system, typically in the form of administrative or kernel-level privileges, to exploit this vulnerability [1]. The attack is conducted locally, requiring the attacker to run code on the affected system [1]. The exploitation involves racing the firmware's check and use operations to bypass security checks or modify protected memory regions during a small timing window [1].
Impact
Successful exploitation of this TOCTOU race condition allows a privileged user to escalate their privileges further on the local system [1]. The attacker can potentially gain access to protected firmware regions, execute arbitrary code at a higher privilege level, or bypass security mechanisms enforced by the firmware [1]. The scope of the compromise is limited to the local system, but it can lead to full compromise of the platform's security [1].
Mitigation
Intel has released firmware updates to address this vulnerability [1]. Affected users should apply the latest BIOS/firmware updates from their system or motherboard manufacturer [1]. As of the publication date, no workarounds are available other than applying the patch [1]. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Intel/Processors BIOS firmware
Patches
No patches discovered yet.
References