Intel rolls out BIOS updates to fix LPE (CVE-2022-26006 & CVE-2022-21198) flaws

Intel recently released a new security advisory that contains two new BIOS-related vulnerabilities. Attackers can exploit these vulnerabilities to allow escalation of privilege. The related vulnerabilities involve local privilege escalation, which has greater harm to the target device.

The vulnerability numbered CVE-2022-21198 is more harmful because it affects multiple Intel CPUs except for the latest 13th Gen core series.

Affected users should pay attention to the website of the manufacturer/motherboard manufacturer to see if there is a BIOS update. Intel has distributed fixes and related partners.

Enterprise IT administrators can take the initiative to contact the device manufacturer or motherboard manufacturer to inquire about relevant security updates. In view of the greater impact of the vulnerability, it is recommended that the company install the update in time.

CVE-2022-21198 (CVSS score: 7.9) affects the following CPUs:

  • 10th, 11th, and 12th Generation Intel Core Processors & Pentium, Celeron Processor Family
  • 10th and 11th Generation Intel Core Processor Family
  • Intel Pentium Silver N6000 Processor Family, Intel Celeron® N4000 and N5000 Processor Families

CVE-2022-26006 (CVSS score: 8.2) affects the following CPUs:

  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family, Intel Core X-Series Processors

Thankfully, these vulnerabilities can only be exploited with physical access locally and cannot be used for remote attacks.