Skip to main content

Core I7 6500U Firmware CVE-2022-29901

MEDIUM
Information Exposure (CWE-200)
2022-07-12 secure@intel.com
RCE Intel Information Disclosure Core I7 6500U Firmware Core I7 6510U Firmware Core I7 6560U Firmware Core I7 6567U Firmware Core I7 6600U Firmware Core I7 6650U Firmware Core I7 6660U Firmware Core I7 6700 Firmware Core I7 6700Hq Firmware Core I7 6700K Firmware Core I7 6700T Firmware Core I7 6700Te Firmware Core I7 6770Hq Firmware Core I7 6820Eq Firmware Core I7 6820Hk Firmware Core I7 6820Hq Firmware Core I7 6822Eq Firmware Core I7 6870Hq Firmware Core I7 6920Hq Firmware Core I7 6970Hq Firmware Core I7 8550U Firmware Core I7 8559U Firmware Core I7 8650U Firmware Core I7 8700B Firmware Core I7 8700K Firmware Core I7 8705G Firmware Core I7 8706G Firmware Core I7 8709G Firmware Core I7 8750H Firmware Core I7 8809G Firmware Core I7 8850H Firmware Core I3 6100 Firmware Core I3 6100E Firmware Core I3 6100H Firmware Core I3 6100T Firmware Core I3 6100Te Firmware Core I3 6100U Firmware Core I3 6102E Firmware Core I3 6110U Firmware Core I3 6120 Firmware Core I3 6120T Firmware Core I3 6167U Firmware Core I3 6300 Firmware Core I3 6300T Firmware Core I3 6320 Firmware Core I3 6320T Firmware Core I3 8000 Firmware Core I3 8000T Firmware Core I3 8020 Firmware Core I3 8100 Firmware Core I3 8100H Firmware Core I3 8100T Firmware Core I3 8109U Firmware Core I3 8120 Firmware Core I3 8130U Firmware Core I3 8145U Firmware Core I3 8300 Firmware Core I3 8300T Firmware Core I3 8350K Firmware Core I5 6200U Firmware Core I5 6210U Firmware Core I5 6260U Firmware Core I5 6267U Firmware Core I5 6287U Firmware Core I5 6300Hq Firmware Core I5 6300U Firmware Core I5 6310U Firmware Core I5 6350Hq Firmware Core I5 6360U Firmware Core I5 6400 Firmware Core I5 6400T Firmware Core I5 6440Eq Firmware Core I5 6440Hq Firmware Core I5 6442Eq Firmware Core I5 6500 Firmware Core I5 6500T Firmware Core I5 6500Te Firmware Core I5 6600 Firmware Core I5 6600K Firmware Core I5 6600T Firmware Core I5 8200Y Firmware Core I5 8210Y Firmware Core I5 8250U Firmware Core I5 8259U Firmware Core I5 8265U Firmware Core I5 8269U Firmware Core I5 8300H Firmware Core I5 8305G Firmware Core I5 8310Y Firmware Core I5 8350U Firmware Core I5 8365U Firmware Core I5 8400 Firmware Core I5 8400B Firmware Core I5 8400H Firmware Core I5 8400T Firmware Core I5 8420 Firmware Core I5 8420T Firmware Core I5 8500 Firmware Core I5 8500B Firmware Core I5 8500T Firmware Core I5 8550 Firmware Core I5 8550U Firmware Core I5 8600 Firmware Core I5 8600K Firmware Core I5 8600T Firmware Core I5 8650 Firmware Core I5 8650K Firmware Core I7 8500Y Firmware Core I7 8510Y Firmware Core I7 8557U Firmware Core I7 8560U Firmware Core I7 8565U Firmware Core I7 8569U Firmware Core I7 8665U Firmware Core I7 8670 Firmware Core I7 8670T Firmware Core I7 8700 Firmware Core I7 8700T Firmware Core I7 8750Hf Firmware Core I9 8950Hk Firmware Core M3 6Y30 Firmware Core M3 8100Y Firmware Core M5 6Y54 Firmware Core M5 6Y57 Firmware Core M7 6Y75 Firmware Fedora Xen ESXi Debian Linux
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 12, 2022 - 19:15 nvd
MEDIUM 6.5

DescriptionNVD

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

AnalysisAI

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Affected products include: Intel Core I7-6500U Firmware, Intel Core I7-6510U Firmware, Intel Core I7-6560U Firmware, Intel Core I7-6567U Firmware, Intel Core I7-6600U Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2019-0124 HIGH
7.8 Nov 14

Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privi

CVE-2019-0123 HIGH
7.8 Nov 14

Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privi

CVE-2019-0155 HIGH
7.8 Nov 14

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R)

CVE-2019-11157 MEDIUM
6.7 Dec 16

Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially en

CVE-2022-21151 MEDIUM
5.5 May 12

Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authe

CVE-2020-8695 MEDIUM
5.5 Nov 12

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially ena

CVE-2020-8694 MEDIUM
5.5 Nov 12

Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to p

CVE-2020-0549 MEDIUM
5.5 Jan 28

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially

CVE-2020-0548 MEDIUM
5.5 Jan 28

Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure

CVE-2019-0185 MEDIUM
5.5 Nov 14

Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM)

CVE-2019-0154 MEDIUM
5.5 Nov 14

Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) C

CVE-2019-14607 MEDIUM
5.3 Dec 16

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial es

Share

CVE-2022-29901 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy