CVE-2022-26006

high-risk
Published 2022-11-11

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.2/10 High
LOCAL / LOW complexity

Affected Products (20)

Core I7-3820 Firmware
Core I7-3920Xm Firmware
Core I7-3930K Firmware
Core I7-3940Xm Firmware
Core I7-3960X Firmware
Core I7-3970X Firmware
Core I7-4820K Firmware
Core I7-4930K Firmware
Core I7-4930Mx Firmware
Core I7-4940Mx Firmware
Core I7-4960X Firmware
Core I7-5820K Firmware
Core I7-5930K Firmware
Core I7-5960X Firmware
Core I7-6800K Firmware
Core I7-6850K Firmware
Core I7-6900K Firmware
Core I7-6950X Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688....
57
/ 100
high-risk
Severity 25/34 · High
Exploitability 0/34 · Minimal
Exposure 32/34 · Critical