CVE-2022-32231

Name: CVE-2022-32231
Creator: NVD / NIST
Published: 2023-02-16T20:15:14.28+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.21%

Last modified Jun 17, 2026

CVE-2022-32231 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.21%

11.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-665

Affected Software

Vendor	Product	Versions
Intel	Xeon Gold 6138p Firmware	All versions
Intel	Xeon Bronze 3104 Firmware	All versions
Intel	Xeon Bronze 3106 Firmware	All versions
Intel	Xeon Gold 5115 Firmware	All versions
Intel	Xeon Gold 5118 Firmware	All versions
Intel	Xeon Gold 5119t Firmware	All versions
Intel	Xeon Gold 5120 Firmware	All versions
Intel	Xeon Gold 5120t Firmware	All versions
Intel	Xeon Gold 5122 Firmware	All versions
Intel	Xeon Gold 6126 Firmware	All versions
Intel	Xeon Gold 6126f Firmware	All versions
Intel	Xeon Gold 6126t Firmware	All versions
Intel	Xeon Gold 6128 Firmware	All versions
Intel	Xeon Gold 6130 Firmware	All versions
Intel	Xeon Gold 6130f Firmware	All versions
Intel	Xeon Gold 6130t Firmware	All versions
Intel	Xeon Gold 6132 Firmware	All versions
Intel	Xeon Gold 6134 Firmware	All versions
Intel	Xeon Gold 6136 Firmware	All versions
Intel	Xeon Gold 6138 Firmware	All versions
Intel	Xeon Gold 6138f Firmware	All versions
Intel	Xeon Gold 6138t Firmware	All versions
Intel	Xeon Gold 6140 Firmware	All versions
Intel	Xeon Gold 6142 Firmware	All versions
Intel	Xeon Gold 6142f Firmware	All versions
Intel	Xeon Gold 6144 Firmware	All versions
Intel	Xeon Gold 6146 Firmware	All versions
Intel	Xeon Gold 6148 Firmware	All versions
Intel	Xeon Gold 6148f Firmware	All versions
Intel	Xeon Gold 6150 Firmware	All versions
Intel	Xeon Gold 6152 Firmware	All versions
Intel	Xeon Gold 6154 Firmware	All versions
Intel	Xeon Platinum 8153 Firmware	All versions
Intel	Xeon Platinum 8156 Firmware	All versions
Intel	Xeon Platinum 8158 Firmware	All versions
Intel	Xeon Platinum 8160 Firmware	All versions
Intel	Xeon Platinum 8160f Firmware	All versions
Intel	Xeon Platinum 8160t Firmware	All versions
Intel	Xeon Platinum 8164 Firmware	All versions
Intel	Xeon Platinum 8168 Firmware	All versions
Intel	Xeon Platinum 8170 Firmware	All versions
Intel	Xeon Platinum 8176 Firmware	All versions
Intel	Xeon Platinum 8176f Firmware	All versions
Intel	Xeon Platinum 8180 Firmware	All versions
Intel	Xeon Silver 4108 Firmware	All versions
Intel	Xeon Silver 4109t Firmware	All versions
Intel	Xeon Silver 4110 Firmware	All versions
Intel	Xeon Silver 4112 Firmware	All versions
Intel	Xeon Silver 4114 Firmware	All versions
Intel	Xeon Silver 4114t Firmware	All versions

Showing 50 of 181 affected configurations. See NVD for the full list.

References

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.htmlVendor Advisory
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.htmlVendor Advisory

Timeline

Published: Feb 16, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-32231?

Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

How severe is CVE-2022-32231?

CVE-2022-32231 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.

How do I fix CVE-2022-32231?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-32231?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST