Unrated severityNVD Advisory· Published Nov 11, 2022· Updated Aug 3, 2024

CVE-2022-36349

Description

Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Insecure default variable initialization in BIOS firmware for Intel NUC Boards and Kits before version MYi30060 allows an authenticated user to cause denial of service via local access.

Vulnerability

Insecure default variable initialization in the BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 allows an authenticated user to enable denial of service via local access [1]. The vulnerability is present in the default configuration and does not require additional privileges beyond standard user authentication.

Exploitation

An attacker must have local access to the system and valid user authentication. The exploitation involves leveraging the insecure default variable initialization to cause a denial of service condition. No special prior privileges are needed beyond authentication.

Impact

Successful exploitation allows the attacker to cause denial of service, rendering the system unavailable. The impact is limited to availability; confidentiality and integrity are not affected per the advisory.

Mitigation

Intel has released BIOS version MYi30060 to address this issue. Users should update to this version or later [1]. No workarounds are provided in the advisory.

References

INTEL-SA-00752

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Intel/NUC Boards and NUC Kits BIOS firmwaredescription
Intel/NUC Boardsllm-fuzzy
Range: <MYi30060
Intel/NUC Kitsllm-fuzzy
Range: <MYi30060

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000