CVE-2018-3612

Name: CVE-2018-3612
Creator: NVD / NIST
Published: 2018-05-10T22:29:00.307+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.32%

Last modified Jun 17, 2026

CVE-2018-3612 is a vulnerability of currently unknown severity. Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).. EPSS estimates a 0.32% chance of exploitation in the next 30 days.

Description

Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).

Metrics

EPSS Probability

0.32%

23.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Intel	Bios	ayaplcel.86a
Intel	Bios	bnkbl357.86a
Intel	Bios	ccsklm5v.86a
Intel	Bios	ccsklm30.86a
Intel	Bios	dnkbli5v.86a
Intel	Bios	dnkbli7v.86a
Intel	Bios	dnkbli30.86a
Intel	Bios	fybyt10h.86a
Intel	Bios	gkaplcpx.86a
Intel	Bios	kyskli70.86a
Intel	Bios	mkkbli5v.86a
Intel	Bios	mkkbly35.86a
Intel	Bios	mybdwi5v.86a
Intel	Bios	mybdwi30.86a
Intel	Bios	rybdwi35.86a
Intel	Bios	syskli35.86a
Intel	Bios	tybyt10h.86a
Intel	Ayaplcel.86a	All versions
Intel	Bnkbl357.86a	All versions
Intel	Ccsklm30.86a	All versions
Intel	Ccsklm5v.86a	All versions
Intel	Dnkbli30.86a	All versions
Intel	Dnkbli5v.86a	All versions
Intel	Dnkbli7v.86a	All versions
Intel	Fybyt10h.86a	All versions
Intel	Gkaplcpx.86a	All versions
Intel	Kyskli70.86a	All versions
Intel	Mkkbli5v.86a	All versions
Intel	Mkkbly35.86a	All versions
Intel	Mybdwi30.86a	All versions
Intel	Mybdwi5v.86a	All versions
Intel	Rybdwi35.86a	All versions
Intel	Syskli35.86a	All versions
Intel	Tybyt10h.86a	All versions

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.htmlVendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.htmlVendor Advisory

Timeline

Published: May 10, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-3612?

Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).

How severe is CVE-2018-3612?

Severity scoring for CVE-2018-3612 is pending analysis. The EPSS model estimates a 0.32% probability of exploitation in the next 30 days.

How do I fix CVE-2018-3612?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-3612?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST