ID

VAR-202211-0553


CVE

CVE-2022-29515


TITLE

Intel's  Intel Server Platform Services  Vulnerability in firmware not freeing memory after expiration

Trust: 0.8

sources: JVNDB: JVNDB-2022-020985

DESCRIPTION

Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. Intel's Intel Server Platform Services A vulnerability exists in firmware related to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-29515 // JVNDB: JVNDB-2022-020985 // VULHUB: VHN-421030

AFFECTED PRODUCTS

vendor:intelmodel:server platform servicesscope:ltversion:sps_e3_06.00.03.035.0

Trust: 1.0

vendor:インテルmodel:intel server platform servicesscope: - version: -

Trust: 0.8

vendor:日立model:日立アドバンストサーバ ha8000v シリーズscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020985 // NVD: CVE-2022-29515

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@intel.com: CVE-2022-29515
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-29515
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-29515
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2450
value: MEDIUM

Trust: 0.6

secure@intel.com: CVE-2022-29515
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 4.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2022-29515
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-29515
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020985 // CNNVD: CNNVD-202211-2450 // NVD: CVE-2022-29515 // NVD: CVE-2022-29515

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.1

problemtype:Lack of memory release after expiration (CWE-401) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-421030 // JVNDB: JVNDB-2022-020985 // NVD: CVE-2022-29515

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2450

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2450

PATCH

title:hitachi-sec-2022-224url:https://www.hitachi.co.jp/products/it/server/security/info/vulnerable/hitachi_sec_2022_224.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-020985

EXTERNAL IDS

db:NVDid:CVE-2022-29515

Trust: 3.3

db:JVNid:JVNVU94499505

Trust: 0.8

db:JVNDBid:JVNDB-2022-020985

Trust: 0.8

db:AUSCERTid:ESB-2022.5834

Trust: 0.6

db:CNNVDid:CNNVD-202211-2450

Trust: 0.6

db:VULHUBid:VHN-421030

Trust: 0.1

sources: VULHUB: VHN-421030 // JVNDB: JVNDB-2022-020985 // CNNVD: CNNVD-202211-2450 // NVD: CVE-2022-29515

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html

Trust: 2.5

url:https://jvn.jp/vu/jvnvu94499505/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-29515

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-29515/

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-amt-csme-sps-multiple-vulnerabilities-39877

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5834

Trust: 0.6

sources: VULHUB: VHN-421030 // JVNDB: JVNDB-2022-020985 // CNNVD: CNNVD-202211-2450 // NVD: CVE-2022-29515

SOURCES

db:VULHUBid:VHN-421030
db:JVNDBid:JVNDB-2022-020985
db:CNNVDid:CNNVD-202211-2450
db:NVDid:CVE-2022-29515

LAST UPDATE DATE

2025-02-06T21:25:17.430000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-421030date:2022-11-17T00:00:00
db:JVNDBid:JVNDB-2022-020985date:2024-03-07T04:45:00
db:CNNVDid:CNNVD-202211-2450date:2022-11-18T00:00:00
db:NVDid:CVE-2022-29515date:2025-02-05T21:15:17.497

SOURCES RELEASE DATE

db:VULHUBid:VHN-421030date:2022-11-11T00:00:00
db:JVNDBid:JVNDB-2022-020985date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202211-2450date:2022-11-09T00:00:00
db:NVDid:CVE-2022-29515date:2022-11-11T16:15:14.327