CVE-2022-21198

MEDIUM | CVSS 6.4/10 | EPSS 0.13%

Last modified

CVE-2022-21198 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. EPSS estimates a 0.13% chance of exploitation in the next 30 days.

Description

Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Metrics

CVSS 3.1
6.4/10

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.13%

3.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Intel | Celeron 1000m Firmware | All versions
Intel | Celeron 1005m Firmware | All versions
Intel | Celeron 1007u Firmware | All versions
Intel | Celeron 1017u Firmware | All versions
Intel | Celeron 1019y Firmware | All versions
Intel | Celeron 1020e Firmware | All versions
Intel | Celeron 1020m Firmware | All versions
Intel | Celeron 1037u Firmware | All versions
Intel | Celeron 1047ue Firmware | All versions
Intel | Celeron 2955u Firmware | All versions
Intel | Celeron 2957u Firmware | All versions
Intel | Celeron 2970m Firmware | All versions
Intel | Celeron 2980u Firmware | All versions
Intel | Celeron 2981u Firmware | All versions
Intel | Celeron 3755u Firmware | All versions
Intel | Celeron 3765u Firmware | All versions
Intel | Celeron 3855u Firmware | All versions
Intel | Celeron 3865u Firmware | All versions
Intel | Celeron 3867u Firmware | All versions
Intel | Celeron 3955u Firmware | All versions
Intel | Celeron 3965u Firmware | All versions
Intel | Celeron 3965y Firmware | All versions
Intel | Celeron 4205u Firmware | All versions
Intel | Celeron 4305u Firmware | All versions
Intel | Celeron 4305ue Firmware | All versions
Intel | Celeron 5205u Firmware | All versions
Intel | Celeron 5305u Firmware | All versions
Intel | Celeron 6305 Firmware | All versions
Intel | Celeron 6305e Firmware | All versions
Intel | Celeron 6600he Firmware | All versions
Intel | Celeron 725c Firmware | All versions
Intel | Celeron 7300 Firmware | All versions
Intel | Celeron 7305 Firmware | All versions
Intel | Celeron 787 Firmware | All versions
Intel | Celeron 797 Firmware | All versions
Intel | Celeron 807 Firmware | All versions
Intel | Celeron 807ue Firmware | All versions
Intel | Celeron 827e Firmware | All versions
Intel | Celeron 847 Firmware | All versions
Intel | Celeron 847e Firmware | All versions
Intel | Celeron 857 Firmware | All versions
Intel | Celeron 867 Firmware | All versions
Intel | Celeron 877 Firmware | All versions
Intel | Celeron 887 Firmware | All versions
Intel | Celeron 927ue Firmware | All versions
Intel | Celeron B710 Firmware | All versions
Intel | Celeron B720 Firmware | All versions
Intel | Celeron B800 Firmware | All versions
Intel | Celeron B810 Firmware | All versions
Intel | Celeron B810e Firmware | All versions

Showing 50 of 447 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-21198?
Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
How severe is CVE-2022-21198?
CVE-2022-21198 has a CVSS score of 6.4/10 (MEDIUM severity). The EPSS model estimates a 0.13% probability of exploitation in the next 30 days.
How do I fix CVE-2022-21198?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST