First published: Thu May 10 2018(Updated: )
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
Credit: secure@intel.com
Affected Software | Affected Version | How to fix |
---|---|---|
Intel BIOS | =ayaplcel.86a | |
Intel BIOS | =bnkbl357.86a | |
Intel BIOS | =ccsklm5v.86a | |
Intel BIOS | =ccsklm30.86a | |
Intel BIOS | =dnkbli5v.86a | |
Intel BIOS | =dnkbli7v.86a | |
Intel BIOS | =dnkbli30.86a | |
Intel BIOS | =fybyt10h.86a | |
Intel BIOS | =gkaplcpx.86a | |
Intel BIOS | =kyskli70.86a | |
Intel BIOS | =mkkbli5v.86a | |
Intel BIOS | =mkkbly35.86a | |
Intel BIOS | =mybdwi5v.86a | |
Intel BIOS | =mybdwi30.86a | |
Intel BIOS | =rybdwi35.86a | |
Intel BIOS | =syskli35.86a | |
Intel BIOS | =tybyt10h.86a | |
Intel Ayaplcel.86a | ||
Intel Bnkbl357.86a | ||
Intel Ccsklm30.86a | ||
Intel Ccsklm5v.86a | ||
Intel Dnkbli30.86a | ||
Intel Dnkbli5v.86a | ||
Intel Dnkbli7v.86a | ||
Intel Fybyt10h.86a | ||
Intel Gkaplcpx.86a | ||
Intel Kyskli70.86a | ||
Intel Mkkbli5v.86a | ||
Intel Mkkbly35.86a | ||
Intel Mybdwi30.86a | ||
Intel Mybdwi5v.86a | ||
Intel Rybdwi35.86a | ||
Intel Syskli35.86a | ||
Intel Tybyt10h.86a |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-3612 is a vulnerability in Intel NUC kits that allows a local attacker to elevate privileges to System Management Mode (SMM) due to insufficient input validation in the system firmware.
CVE-2018-3612 has a severity score of 7.8 (high).
Intel NUC kits with the following BIOS versions are affected: ayaplcel.86a, bnkbl357.86a, ccsklm5v.86a, ccsklm30.86a, dnkbli5v.86a, dnkbli7v.86a, dnkbli30.86a, fybyt10h.86a, gkaplcpx.86a, kyskli70.86a, mkkbli5v.86a, mkkbly35.86a, mybdwi5v.86a, mybdwi30.86a, rybdwi35.86a, syskli35.86a, tybyt10h.86a.
To fix CVE-2018-3612, it is recommended to update the BIOS firmware of the affected Intel NUC kits to the latest version provided by Intel.
You can find more information about CVE-2018-3612 on Intel's official security advisory page: [Intel-SA-00110](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html).