CVE-2022-26074

CWE-4593 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 65.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel Server Platform Services Firmware
Timeline
PublishedAug 18
Latest updateAug 19

Description

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDintel/server_platform_services_firmware< sps_e3_04.01.04.530.0+1
CVEListV5intel(r)_spsbefore versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0

🔴Vulnerability Details

2
GHSA
GHSA-6mrw-wxgj-q727: Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_042022-08-19
CVEList
CVE-2022-26074: Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_042022-08-18
CVE-2022-26074 (MEDIUM CVSS 4.4) | Incomplete cleanup in a firmware su | cvebase.io