CVE-2022-24297
Description
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer restriction flaw in Intel NUC firmware allows a privileged local user to escalate privileges.
Vulnerability
CVE-2022-24297 is an improper buffer restrictions vulnerability in the firmware of certain Intel NUC kits and mini PCs. The issue exists in the system firmware and can be triggered by a privileged user with local access. Affected products include Intel NUC 8, 10, and 11 series, as well as other models listed in the Intel advisory [1]. The vulnerability is present in firmware versions prior to the fixed releases specified in INTEL-SA-00654.
Exploitation
An attacker must have local access to the system and possess privileged user credentials (e.g., administrator or root). The exploitation involves sending crafted input to the firmware interface, causing a buffer overflow due to improper restrictions. No user interaction beyond the attacker's own actions is required. The attack vector is local, meaning the attacker must be physically present or have remote desktop access with sufficient privileges.
Impact
Successful exploitation allows the attacker to escalate privileges within the firmware environment, potentially gaining higher-level access than originally granted. This could lead to arbitrary code execution at the firmware level, enabling persistent control over the system, bypass of operating system security mechanisms, or disclosure of sensitive information stored in firmware.
Mitigation
Intel has released firmware updates to address this vulnerability. Affected users should update their system firmware to the versions specified in INTEL-SA-00654 [1]. The advisory provides a list of affected products and corresponding fixed firmware versions. No workarounds are available; updating firmware is the only mitigation. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Intel/Intel(R) NUCs (source: description)
Patches
No patches discovered yet.
References
[1] www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html (mitre, x_refsource_MISC)