CVE-2022-21198

high-risk
Published 2022-11-11

Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.9/10 High
LOCAL / LOW complexity

Affected Products (20)

Celeron 1000M Firmware
Celeron 1005M Firmware
Celeron 1007U Firmware
Celeron 1017U Firmware
Celeron 1019Y Firmware
Celeron 1020E Firmware
Celeron 1020M Firmware
Celeron 1037U Firmware
Celeron 1047Ue Firmware
Celeron 2955U Firmware
Celeron 2957U Firmware
Celeron 2970M Firmware
Celeron 2980U Firmware
Celeron 2981U Firmware
Celeron 3755U Firmware
Celeron 3765U Firmware
Celeron 3855U Firmware
Celeron 3865U Firmware
Celeron 3867U Firmware
Celeron 3955U Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688....
58
/ 100
high-risk
Severity 25/34 · High
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical