Strix
26.1K

CVE-2022-26006

MEDIUMCVSS 6.7/10EPSS 0.19%

Last modified

CVE-2022-26006 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.. EPSS estimates a 0.19% chance of exploitation in the next 30 days.

Description

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.19%

9.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IntelCore I5-7640x FirmwareAll versions
IntelCore I7-3820 FirmwareAll versions
IntelCore I7-3920xm FirmwareAll versions
IntelCore I7-3930k FirmwareAll versions
IntelCore I7-3940xm FirmwareAll versions
IntelCore I7-3960x FirmwareAll versions
IntelCore I7-3970x FirmwareAll versions
IntelCore I7-4820k FirmwareAll versions
IntelCore I7-4930k FirmwareAll versions
IntelCore I7-4930mx FirmwareAll versions
IntelCore I7-4940mx FirmwareAll versions
IntelCore I7-4960x FirmwareAll versions
IntelCore I7-5820k FirmwareAll versions
IntelCore I7-5930k FirmwareAll versions
IntelCore I7-5960x FirmwareAll versions
IntelCore I7-6800k FirmwareAll versions
IntelCore I7-6850k FirmwareAll versions
IntelCore I7-6900k FirmwareAll versions
IntelCore I7-6950x FirmwareAll versions
IntelCore I7-7740x FirmwareAll versions
IntelCore I7-7800x FirmwareAll versions
IntelCore I7-7820x FirmwareAll versions
IntelCore I7-9800x FirmwareAll versions
IntelCore I9-10900x FirmwareAll versions
IntelCore I9-10920x FirmwareAll versions
IntelCore I9-10940x FirmwareAll versions
IntelCore I9-10980xe FirmwareAll versions
IntelCore I9-7900x FirmwareAll versions
IntelCore I9-7920x FirmwareAll versions
IntelCore I9-7940x FirmwareAll versions
IntelCore I9-7960x FirmwareAll versions
IntelCore I9-7980xe FirmwareAll versions
IntelCore I9-9820x FirmwareAll versions
IntelCore I9-9900x FirmwareAll versions
IntelCore I9-9920x FirmwareAll versions
IntelCore I9-9940x FirmwareAll versions
IntelCore I9-9960x FirmwareAll versions
IntelCore I9-9980xe FirmwareAll versions
IntelXeon E5-1428l V3 FirmwareAll versions
IntelXeon E5-1620 V3 FirmwareAll versions
IntelXeon E5-1620 V4 FirmwareAll versions
IntelXeon E5-1630 V3 FirmwareAll versions
IntelXeon E5-1630 V4 FirmwareAll versions
IntelXeon E5-1650 V3 FirmwareAll versions
IntelXeon E5-1650 V4 FirmwareAll versions
IntelXeon E5-1660 V3 FirmwareAll versions
IntelXeon E5-1660 V4 FirmwareAll versions
IntelXeon E5-1680 V3 FirmwareAll versions
IntelXeon E5-1680 V4 FirmwareAll versions
IntelXeon E5-2408l V3 FirmwareAll versions

Showing 50 of 130 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-26006?
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
How severe is CVE-2022-26006?
CVE-2022-26006 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.
How do I fix CVE-2022-26006?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-26006?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST