CVE-2022-37336

Vulnerability

Improper input validation in the BIOS firmware for certain Intel(R) NUC products may allow a privileged user to potentially enable escalation of privilege via local access [1]. Affected versions include Intel NUC 8 Rugged, Intel NUC 8 Pro, Intel NUC 8 Mainstream-G, Intel NUC 8 Pro Kit/Board, and Intel NUC 8 Miniature PCs running BIOS firmware versions prior to updates specified in INTEL-SA-00892 [1].

Exploitation

An attacker must already have privileged access to the system (local access) to exploit this vulnerability [1]. The exploitation requires the attacker to send specially crafted input to the BIOS firmware, which due to improper input validation, triggers the escalation path [1].

Impact

Successful exploitation allows the attacker to escalate their privileges on the affected system [1]. The exact privilege level gained is not specified in the available reference, but the vulnerability is classified as high severity with a CVSS base score of 8.2, indicating significant impact on confidentiality, integrity, and availability [1].

Mitigation

Intel released firmware updates to address this vulnerability; affected users should update their BIOS to the fixed versions listed in the advisory INTEL-SA-00892 [1]. No workaround is mentioned in the reference, and the product may be affected if the BIOS is not updated.