Intel’s hardware is found in millions of homes and businesses. Their NUC (Next Unit of Computing) products are particularly popular for compact builds and small offices. But even reliable hardware has its vulnerabilities. One such example is CVE-2022-36349, a security flaw rooted in insecure variable initialization in the BIOS firmware of some Intel NUC Boards and Kits.
In this post, we'll break down what this vulnerability is, show relevant code concepts, discuss exploitation, and guide you to further reading. Everything is explained in simple terms.
What is CVE-2022-36349?
CVE-2022-36349 affects certain Intel® NUC Boards and Kits that have BIOS firmware versions before MYi30060. The problem is due to how the BIOS firmware initializes some variables—it doesn’t do it securely by default. This opens the door for a (local, authenticated) attacker to manipulate system behavior and trigger a denial of service (DoS).
Attack Vector: Physical or authenticated local access
- CWE: CWE-665: Improper Initialization
Reference:
- Intel Security Advisory INTEL-SA-00719
- NVD Entry for CVE-2022-36349
BIOS and Variable Initialization
BIOS firmware stores a range of setup variables, such as boot order, password settings, or hardware configurations, in special non-volatile memory (NVRAM). The vulnerability exists because some variables are not initialized properly when the BIOS first boots or under certain upgrade conditions.
Here’s a simplified snippet to demonstrate good variable initialization
// Secure initialization
uint8_t biosFlag = ; // Always initialize variables!
But in affected firmware, the variable might be left uninitialized
// Unsafe: 'biosFlag' value is unpredictable
uint8_t biosFlag; // Value could be anything...
If an attacker manages to influence the state or value of this variable (for example, by causing a “cold boot” or using special hardware tools), they can trigger unpredictable BIOS behavior. Sometimes the system may fail to boot, which is a classic denial of service.
Variable manipulation:
With physical tools (like a flash programmer) or software (malware/rootkit), the attacker corrupts or tampers with BIOS variables in NVRAM.
Trigger firmware malfunction:
On next boot, due to improper variable initialization, the BIOS might misbehave—crashing, halting, or failing POST (Power On Self Test).
Denial of Service:
The device becomes unbootable unless the BIOS is recovered via manual means (e.g., recovery jumper, SPI flashing).
Proof-of-Concept (PoC) Example
While a full exploit would require specialized setups, here’s how a proof-of-concept might look in pseudocode:
// Pseudocode: BIOS reads an uninitialized variable
if (biosFlag != EXPECTED_VALUE) {
// Take an abnormal code path, possibly crashing
halt_system();
}
A malicious tool can intentionally corrupt the biosFlag variable’s storage in NVRAM. On reboot, the system takes the bad code path.
Physical SPI programmers (like Bus Pirate, CH341A, etc.)
- Open-source tools (like Flashrom)
- Dedicated rootkits/backdoors (if already on the OS)
Impact: Permanent DoS until firmware is manually restored.
- Scope: Affects only some NUC boards/kits with vulnerable BIOS versions.
Intel fixed this in version MYi30060. Download updates from
- Intel NUC Support Download Center
3. Mitigating the Threat
- Restrict physical/local access to machines.
Learn More
- Intel Security Advisory INTEL-SA-00719
- CVE-2022-36349 in NVD Database
- BIOS/UEFI Programming Guide (GitHub resource)
Final Thoughts
Hardware security problems like CVE-2022-36349 might seem intimidating, but the fix is often straightforward: update your BIOS! If you administer computers in your home or business, make it a habit to check for firmware updates regularly. Denial of service attacks may not steal your data, but they can knock your devices offline at the worst possible time.
Timeline
Published on: 11/11/2022 16:15:00 UTC
Last modified on: 11/16/2022 16:57:00 UTC