Intel Nuc M15 Laptop Kit Lapbc510 Firmware vulnerabilities

CVE-2023-22312 [HIGH] CWE-284 CVE-2023-22312: Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potential Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2022-32569 [HIGH] CWE-119 CVE-2022-32569: Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version B Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2022-40246 [HIGH] CWE-123 CVE-2022-40246: A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only duri A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential c

CVE-2022-40250 [HIGH] CWE-121 CVE-2022-40250: An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arb An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help

CVE-2021-33086 [MEDIUM] CWE-787 CVE-2021-33086: Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentiall Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.

CVE-2021-0067 [MEDIUM] CVE-2021-0067:  Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2021-0054 [MEDIUM] CWE-119 CVE-2021-0054: Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user t Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.