CVE-2023-42772 : Untrusted pointer dereference in UEFI firmware for some Intel(R) reference proce

Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.

Published 2024-09-16 17:16:00

Updated 2024-09-16 18:03:17

Source Intel Corporation

View at NVD, CVE.org

Products affected by CVE-2023-42772

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-42772

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-42772

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	1.5	6.0	Intel Corporation	2024-09-16
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
8.7	HIGH	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/V...	N/A	N/A	Intel Corporation	2024-09-16
Attack Vector: Local Attack Complexity: Low Attack Requirements: Present Privileges Required: High User Interaction: None Confidentiality (VC): High Integrity (VI): High Availability (VA): High

CWE ids for CVE-2023-42772

CWE-822 Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Assigned by: secure@intel.com (Primary)

References for CVE-2023-42772

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html

INTEL-SA-01071

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-42772

Products affected by CVE-2023-42772

Exploit prediction scoring system (EPSS) score for CVE-2023-42772

CVSS scores for CVE-2023-42772

CWE ids for CVE-2023-42772

References for CVE-2023-42772