high
7.9
CWE
92
Advisory Published
Updated

CVE-2022-29262

First published: Tue Nov 14 2023(Updated: )

Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Credit: secure@intel.com

Affected SoftwareAffected VersionHow to fix
Intel Server Board m70klp2sb firmware<01.04.0022
Intel Server board m70klp2sb firmware
Intel Server System m70klp4s2uhh firmware<01.04.0022
Intel Server System m70klp4s2uhh firmware
Intel Server Board M20NTP2SB<0022.d02
Intel Server Board M20NTP2SB Firmware
Intel Server System<0022.d02
Intel Server System m20ntp1ur304 firmware
Intel Server Board M10JNP2SB<7.219
Intel Server Board M10JNP2SB Firmware
Intel Server Board S2600BPB Firmware<02.01.0015
Intel S2600BPBR Firmware
Intel Server Board S2600BPS Firmware<02.01.0015
Intel Server Board S2600BPS Firmware
Intel Server Board S2600BP Firmware<02.01.0015
Intel Server Board S2600BPSR Firmware
Intel S2600BPQR Firmware<02.01.0015
Intel S2600BPQR Firmware
Intel Server Board S2600BPB Firmware<02.01.0015
Intel Server Board S2600BPB Firmware
Intel Server Board S2600BPQ<02.01.0015
Intel Server Board S2600BPQ
Intel Compute Module HNS2600<02.01.0015
Intel Compute Module HNS2600BPBLCR Firmware
Intel Compute Module HNS2600<02.01.0015
Intel Compute Module hns2600bpblc
Intel Compute Module HNS2600BPBL-C24R Firmware<02.01.0015
Intel Compute Module HNS2600BPBL-C24R Firmware
Intel HNS2600BPS Firmware<02.01.0015
Intel Compute Module HNS2600BPS
Intel Compute Module HNS2600BPS24 Firmware<02.01.0015
Intel Compute Module HNS2600BPS24 Firmware
Intel Compute Module HNS2600BPBR Firmware<02.01.0015
Intel Compute Module HNS2600
Intel Compute Module HNS2600BPQR Firmware<02.01.0015
Intel Compute Module HNS2600
Intel Compute Module HNS2600BPSR Firmware<02.01.0015
Intel Compute Module hns2600bpsr
Intel Compute Module HNS2600BPS24R Firmware<02.01.0015
Intel Compute Module HNS2600BPS24R Firmware
Intel Compute Module HNS2600BPQ24R Firmware<02.01.0015
Intel compute module hns2600bpq24r firmware
Intel Compute Module HNS2600BPB24R Firmware<02.01.0015
Intel Compute Module HNS2600BPB24 Firmware
Intel Compute Module hns2600bp firmware<02.01.0015
Intel Compute Module hns2600bpb firmware
Intel Compute Module HNS2600BPBL-C24 Firmware<02.01.0015
Intel compute module hns2600bpblc24 firmware
Intel Compute Module HNS2600BPQR Firmware<02.01.0015
Intel Compute Module hns2600bpq
Intel HNS2600BPQ24 Firmware<02.01.0015
Intel Compute Module HNS2600BPQ24 Firmware
Intel Compute Module HNS2600BPBRCT Firmware<02.01.0015
Intel Compute Module HNS2600BPBRCT
Intel Server System VRN2224BPAF6 Firmware<02.01.0015
Intel Server System VRN2224BPAF6 Firmware
Intel Server System VRN2224BPHY6<02.01.0015
Intel Server system vrn2224bphy6 firmware
Intel Server System mcb2208wfaf5 firmware<02.01.0015
Intel Server System mcb2208wfaf5 firmware
Intel Server System ZSB2224BPAF2 Firmware<02.01.0015
Intel Server System ZSB2224BPAF2 Firmware
Intel Server System ZSB2224BPHY1 Firmware<02.01.0015
Intel Server System ZSB2224BPHY1 Firmware
Intel Server System ZSB2224BPAF1 Firmware<02.01.0015
Intel Server system zsb2224bpaf1 firmware

Remedy

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-29262?

    CVE-2022-29262 has a medium severity rating, indicating potential for escalated privileges under local access.

  • How do I fix CVE-2022-29262?

    To resolve CVE-2022-29262, update the affected Intel Server Board BIOS firmware to a version above 01.04.0022.

  • What type of vulnerability is CVE-2022-29262?

    CVE-2022-29262 is classified as an improper buffer restriction vulnerability.

  • Who is affected by CVE-2022-29262?

    The vulnerability affects users with Intel Server Boards and Systems running specific BIOS firmware versions.

  • Can CVE-2022-29262 be exploited remotely?

    No, CVE-2022-29262 requires localized access to exploit the privilege escalation vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203