CVE-2022-24382

Vulnerability

Improper input validation in the firmware of certain Intel NUC (Next Unit of Computing) devices allows a privileged user to potentially escalate privileges. The vulnerability exists in the firmware code that handles input validation, and it is reachable by a user with local access and sufficient privileges. Affected products include specific Intel NUC models and firmware versions as listed in Intel advisory INTEL-SA-00654 [1].

Exploitation

An attacker with local access and privileged user credentials (e.g., administrator or root) can exploit this vulnerability by sending specially crafted input to the firmware. The improper validation allows the attacker to bypass security checks and execute arbitrary code at a higher privilege level. No user interaction beyond the attacker's own actions is required.

Impact

Successful exploitation enables the attacker to escalate privileges within the system, potentially gaining full control over the firmware or the operating system. This could lead to complete compromise of the affected device, including persistent access and ability to bypass security mechanisms.

Mitigation

Intel has released firmware updates to remediate this vulnerability. Users should update their Intel NUC firmware to the latest version provided by the manufacturer, as detailed in Intel advisory INTEL-SA-00654 [1]. No workarounds are available; applying the firmware update is the recommended mitigation.