CVE-2022-26006 In the BIOS, improper input validation may allow a privileged user to enable escalation of privilege via local access.

CVE-2022-26006 In the BIOS, improper input validation may allow a privileged user to enable escalation of privilege via local access.

This may result in the user being able to gain access to system functions they normally may not have access to. Intel is actively investigating this issue and has confirmed only a very small number of systems are affected by this issue. The majority of Intel(R) processors are not affected by this issue. System manufacturers will work closely with customers to update affected systems. To determine if your system is affected by this issue, visit the Intel(R) Processor Errata Center at https://www.intel.com/content/www/us/en/support/processor-errata.html.

Intel® vPro™ Technology

Intel(R) vPro™ Technology is a series of security technologies designed to help protect your PC from malicious software that may have been installed or which may attempt to gain unauthorized access. These technologies allow you to manage your devices and safeguard your digital identity. Intel(R) vPro™ Technology can be deployed in several ways, including:
- via BIOS
- via a downloadable agent
- through Active Management Technology (AMT)
- through Remote Desktop Services (RDSS)

Vulnerable Software

Intel has confirmed that the processor in affected systems is vulnerable to CVE-2022-26006. This vulnerability allows an attacker to run unauthorized code on a system and gain access to system functions they normally may not have access to. Intel is actively investigating this issue and has confirmed only a very small number of systems are affected by this issue. The majority of Intel(R) processors are not affected by this issue. System manufacturers will work closely with customers to update affected systems. To determine if your system is affected by this issue, visit the Intel(R) Processor Errata Center at https://www.intel.com/content/www/us/en/support/processor-errata.html.

Intel® Optane™ Memory Supported

System Products
If this update is applied to your system, you may experience a delay in booting upon startup. This issue will not affect the overall performance or stability of the system. Intel(R) Optane™ Memory Supported System Products are listed below:
- Desktop PCs with Intel(R) Core(TM) i3/i5/i7 processors
- Desktop PCs with AMD Ryzen™ 3, 5, 7 and AMD Ryzen™ 3, 5, 7 Pro processors
- Desktop PCs with Intel(R) Core(TM) X-series Processors (formerly codenamed “Kaby Lake” CPUs)
- Desktop PCs with AMD Ryzen™ A series processors
- All notebooks with Intel(R) Core(TM) i3/i5/i7 processor family

Intel® Microprocessors and Xeon® Processor Firmware Update Information

Intel is now providing an update that contains the latest Intel Microprocessors and Xeon Processor Firmware. This update will be delivered automatically to customers on September 11, 2018. The update provides a mitigation for CVE-2022-26006, which may result in the user being able to gain access to system functions they normally may not have access to.

Common symptoms:

One of the most common symptoms of this issue is a blue screen on boot.
If you are unable to boot into Windows and see a blue screen with an error code, please continue reading for possible solutions.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe