CVE-2022-34152

Vulnerability

Improper input validation in the BIOS firmware for certain Intel(R) NUC Boards and Intel(R) NUC Kits before firmware version TY0070 allows a privileged user to exploit the flaw. The vulnerability exists within the firmware's handling of untrusted input [1].

Exploitation

An attacker must already have privileged user access to the system (e.g., local administrator or root), as the flaw is not remotely exploitable. With local access, the attacker can provide specially crafted input to the vulnerable BIOS component, potentially triggering the validation failure [1].

Impact

Successful exploitation enables escalation of privilege, meaning the attacker could achieve higher system privileges than intended. This could include gaining access to low-level firmware functionality or bypassing security protections enforced by the BIOS [1].

Mitigation

Intel has released BIOS firmware version TY0070 (and later) to address this issue. Users should update their Intel NUC system firmware to version TY0070 or higher via the Intel Driver & Support Assistant or by downloading the update from the Intel Download Center. No workarounds are available for unpatched versions; updating is the sole mitigation [1].