Core I5 9400F Firmware
CVE-2023-25756
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
AnalysisAI
Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Affected products include: Intel Atom X6200Fe Firmware, Intel Atom X6211E Firmware, Intel Atom X6212Re Firmware, Intel Atom X6413E Firmware, Intel Atom X6414Re Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Core I5 9400F Firmware
View allThe Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attac
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially en
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potenti
Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products m
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authe
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially ena
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to p
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure
Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial es
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today