An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

From: Mauro Carvalho Chehab <mchehab@kernel.org>
To: linuxtv-commits@linuxtv.org
Cc: Rondreis <linhaoguo86@gmail.com>,
	Alan Stern <stern@rowland.harvard.edu>,
	Sean Young <sean@mess.org>,
	stable@vger.kernel.org
Subject: \[git:media\_stage/master\] media: mceusb: Use new usb\_control\_msg\_\*() routines
Date: Sat, 24 Sep 2022 05:49:45 +0000	\[thread overview\]
Message-ID: <E1obysd-009Grw-He@www.linuxtv.org> (raw)

This is an automatic generated email to let you know that the following patch were queued:

Subject: media: mceusb: Use new usb\_control\_msg\_\*() routines
Author:  Alan Stern <stern@rowland.harvard.edu>
Date:    Fri Aug 26 21:31:40 2022 +0200

Automatic kernel fuzzing led to a WARN about invalid pipe direction in
the mceusb driver:

------------\[ cut here \]------------
usb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40
WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410
usb\_submit\_urb+0x1326/0x1820 drivers/usb/core/urb.c:410
Modules linked in:
CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Workqueue: usb\_hub\_wq hub\_event
RIP: 0010:usb\_submit\_urb+0x1326/0x1820 drivers/usb/core/urb.c:410
Code: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8
44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b
e9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41
RSP: 0018:ffffc900032becf0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000
RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90
RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000
R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000
R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500
FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0
Call Trace:
<TASK>
usb\_start\_wait\_urb+0x101/0x4c0 drivers/usb/core/message.c:58
usb\_internal\_control\_msg drivers/usb/core/message.c:102 \[inline\]
usb\_control\_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
mceusb\_gen1\_init drivers/media/rc/mceusb.c:1431 \[inline\]
mceusb\_dev\_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807

The reason for the warning is clear enough; the driver sends an
unusual read request on endpoint 0 but does not set the USB\_DIR\_IN bit
in the bRequestType field.

More importantly, the whole situation can be avoided and the driver
simplified by converting it over to the relatively new
usb\_control\_msg\_recv() and usb\_control\_msg\_send() routines.  That's
what this fix does.

Reported-and-tested-by: Rondreis <linhaoguo86@gmail.com>
Link: https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>

 drivers/media/rc/mceusb.c | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

---

diff --git a/drivers/media/rc/mceusb.c b/drivers/media/rc/mceusb.c
index 0834d5f866fd..39d2b03e2631 100644
--- a/drivers/media/rc/mceusb.c
+++ b/drivers/media/rc/mceusb.c
@@ -1416,42 +1416,37 @@ static void mceusb\_gen1\_init(struct mceusb\_dev \*ir)
 {
 	int ret;
 	struct device \*dev = ir->dev;
\-	char \*data;
-
-	data = kzalloc(USB\_CTRL\_MSG\_SZ, GFP\_KERNEL);
-	if (!data) {
-		dev\_err(dev, "%s: memory allocation failed!", \_\_func\_\_);
-		return;
-	}
+	char data\[USB\_CTRL\_MSG\_SZ\];
 
 	/\*
 	 \* This is a strange one. Windows issues a set address to the device
 	 \* on the receive control pipe and expect a certain value pair back
 	 \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_rcvctrlpipe(ir->usbdev, 0),
-			      USB\_REQ\_SET\_ADDRESS, USB\_TYPE\_VENDOR, 0, 0,
-			      data, USB\_CTRL\_MSG\_SZ, 3000);
+	ret = usb\_control\_msg\_recv(ir->usbdev, 0, USB\_REQ\_SET\_ADDRESS,
+				   USB\_DIR\_IN | USB\_TYPE\_VENDOR,
+				   0, 0, data, USB\_CTRL\_MSG\_SZ, 3000,
+				   GFP\_KERNEL);
 	dev\_dbg(dev, "set address - ret = %d", ret);
 	dev\_dbg(dev, "set address - data\[0\] = %d, data\[1\] = %d",
 						data\[0\], data\[1\]);
 
 	/\* set feature: bit rate 38400 bps \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_sndctrlpipe(ir->usbdev, 0),
-			      USB\_REQ\_SET\_FEATURE, USB\_TYPE\_VENDOR,
-			      0xc04e, 0x0000, NULL, 0, 3000);
+	ret = usb\_control\_msg\_send(ir->usbdev, 0,
+				   USB\_REQ\_SET\_FEATURE, USB\_TYPE\_VENDOR,
+				   0xc04e, 0x0000, NULL, 0, 3000, GFP\_KERNEL);
 
 	dev\_dbg(dev, "set feature - ret = %d", ret);
 
 	/\* bRequest 4: set char length to 8 bits \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_sndctrlpipe(ir->usbdev, 0),
-			      4, USB\_TYPE\_VENDOR,
-			      0x0808, 0x0000, NULL, 0, 3000);
+	ret = usb\_control\_msg\_send(ir->usbdev, 0,
+				   4, USB\_TYPE\_VENDOR,
+				   0x0808, 0x0000, NULL, 0, 3000, GFP\_KERNEL);
 	dev\_dbg(dev, "set char length - retB = %d", ret);
 
 	/\* bRequest 2: set handshaking to use DTR/DSR \*/
\-	ret = usb\_control\_msg(ir->usbdev, usb\_sndctrlpipe(ir->usbdev, 0),
-			      2, USB\_TYPE\_VENDOR,
-			      0x0000, 0x0100, NULL, 0, 3000);
+	ret = usb\_control\_msg\_send(ir->usbdev, 0,
+				   2, USB\_TYPE\_VENDOR,
+				   0x0000, 0x0100, NULL, 0, 3000, GFP\_KERNEL);
 	dev\_dbg(dev, "set handshake  - retC = %d", ret);
 
 	/\* device resume \*/
@@ -1459,8 +1454,6 @@ static void mceusb\_gen1\_init(struct mceusb\_dev \*ir)
 
 	/\* get hw/sw revision? \*/
 	mce\_command\_out(ir, GET\_REVISION, sizeof(GET\_REVISION));
\-
-	kfree(data);
 }
 
 static void mceusb\_gen2\_init(struct mceusb\_dev \*ir)

                 reply	other threads:\[~2022-09-24  6:43 UTC|newest\]

**Thread overview:** \[no followups\] expand\[flat|nested\]  mbox.gz  Atom feed

**Reply instructions:**

You may reply publicly to this message via plain-text email
using any one of the following methods:

\* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting\_style#Interleaved\_style

\* Reply using the **\--to**, **\--cc**, and **\--in-reply-to**
  switches of git-send-email(1):

  git send-email \\
    --in-reply-to=E1obysd-009Grw-He@www.linuxtv.org \\
    --to=mchehab@kernel.org \\
    --cc=linhaoguo86@gmail.com \\
    --cc=linux-media@vger.kernel.org \\
    --cc=linuxtv-commits@linuxtv.org \\
    --cc=sean@mess.org \\
    --cc=stable@vger.kernel.org \\
    --cc=stern@rowland.harvard.edu \\
    /path/to/YOUR\_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

\* If your mail client supports setting the **In-Reply-To** header
  via mailto: links, try the mailto: link

Be sure your reply has a **Subject:** header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

CVE-2022-3903: [git:media_stage/master] media: mceusb: Use new usb_control_msg_*() routines

By Deeba Ahmed
GAM3 awards are dubbed as the Grammys of the Web3 gaming industry.
This is a post from HackRead.com Read the original post: GAM3 Awards: Leading crypto firms and influencers to honor best in Web3 gaming

The leading crypto firms and influencers have collaborated for the inaugural GAM3 Awards. Dubbed the Grammys of the Web3 gaming industry, this event will be hosted by Polkastarter Gaming. It will be held on December 15 to acknowledge the best Web3 games for 2022.

**The All-Star Jury**

Voting will be conducted by an all-star jury, including industry experts and the wider Web3 community. More than 200 Web3 games and game developers/content creators will compete in this event.

There are 16 award categories, which include the coveted Game of the Year title. The jury deciding the winners comprises Fractal founder Justin Kan, Market Across’ managing partner Itaj Elizur, Urvit Goel, Global Games at Polygon Studios’ head, Solana Foundation’s head of technology Matt Sorg, and ImmutableX’s venture and strategy director, Rachel Levin. 

With their decades-long gaming experience, former Square Enix CTO and creator of games like Sonic: Unleashed and Final Fantasy XIV Online, Yoshihisa Hashimoto, ex-Senior Director of Partnerships at Electronic Arts, Edward Chang, and senior leaders at Riot Games, Xbox Game Studios, Electronic Arts, Amazon Gaming, and Unity Technologies. Some of the senior leaders include the following.

*   Sarutobi Sasuke, Head of Partnerships at YGG
*   Dan Patterson, General Partner at Sfermion
*   Brendan Wong, CEO at Avocado DAO
*   Jesper Lindquist, Senior Manager Web3 Gaming at Animoca Brands
*   Marco van den Heuvel, Co-Founder & CEO at Merit Circle
*   David Hanson, Founder & CEO at Ultra
*   John Izaguirre, BD Director at BNB Chain
*   Abhimanyu Kumar, Co-Founder at Naavik
*   Nathan N., Co-Founder at Ancient8

The jury consists of mainstream Web3 ecosystem partners, thought leaders, and media outlets to ensure a fair voting process.

1.  The Benefits Of Blockchain In The Travel Industry
2.  What is Blockchain Gaming and its Play-to-Earn Model?
3.  The Advantages of a More Secure and Safer Blockchain
4.  How Blockchain Can Revolutionize Personal Data Storage?

**Event Details**

Polkastarter Gaming will broadcast the event on all platforms simultaneously, including its YouTube, Twitch, and Twitter channels. The event will highlight the best Web3 games. Winners of the GAM3 Awards will receive a share of $300,000 worth of rewards and will gain sponsorships from Blockchain Game Alliance, Immutable X, Machinations, Ultra, Naavik, etc. The event is organized to recognize Web3’s best games and highlight the developers’ hard work in creating quality content.

**Award Categories**

Here is the list of categories for which awards will be issued.:

Action Game, Mobile Game, Adventure Game, Casual Game, RPG, Shooter Game, Graphics, Strategy Game, Card Game, Multiplayer Game, Esports Game, Graphics, and Content Creator.

Apart from that, there will be awards for Game’s Choice, Most Anticipated Game, and People’s Choice. The company stated that new categories would be added in the next edition of the awards.

**Judgment Criteria**

It is worth noting that 90% of the decision will be decided by the jury and 10% by the community, except for Games’ Choice, the winner of which will be determined by industry game studios as they will vote for their own version of the Game of the Year. Moreover, Best Content Creator and People’s Choice awards winners will be solely determined by the community, and their votes will carry 100% weight.

Judgment criteria include core loop, accessibility, graphics, replayability factor, playing experience, fun elements, etc. Eligibility criteria entail integration and utilization of blockchain technology.

GAM3 Awards: Leading crypto firms and influencers to honor best in Web3 gaming

Designation recognizes highest caliber of information security.

**PLEASANTON, Calif., Nov. 14, 2022 /PRNewswire/** — Avatier, the industry leader in identity and access management, today announced it has received ISO 27001:2013 certification for its Information Security Management System (ISMS).

ISO 27001:2013 is an information security standard published by the International Organization for Standardization (ISO), the world's largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). Avatier's certification was issued by A-LIGN, an independent and accredited certification body based in the United States, on the successful completion of a formal audit process. This certification is evidence that Avatier has met rigorous international standards in ensuring the confidentiality, integrity, and availability of the Avatier Identity Anywhere platform.

Avatier develops identity management and governance platforms that enable organizations to scale faster, innovate quicker and embrace change more securely. Avatier's identity access management (IAM) and identity governance and administration (IGA) solutions do not require client software, so management is in real-time across any platform, such as Google Chrome, Microsoft Teams, or iOS and Android.

"This certification demonstrates Avatier's continued commitment to information security at every level and ensures our customers that the security of their data and information has been addressed, implemented, and properly controlled in all areas of their organization," said Jeremy Russeau, Avatier CISO.

**About Avatier Corporation**

Avatier is the Identity Management company of the future with innovative solutions for today. Avatier develops a "state of the art" identity management platform enabling workforce collaboration resulting in better customer experiences and increased revenue. The company's Identity Anywhere platform uses container technology, providing maximum flexibility, scalability and security in a platform-independent and portable solution that future-proofs your investment. Avatier's identity management and access governance solutions make the world's largest organizations more secure and productive in the shortest time at the lowest costs. Avatier brings all your back-office business applications and employee assets together and manages them as one.

For more information, visit www.avatier.com.

**SOURCE:** Avatier

Avatier Achieves ISO 27001 Certification for its Information Security Management System

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7.

CVE-2022-45184: Changelog

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol.

**Published:** Nov 8, 2022

**Security assessment by Trail of Bits**

When we first launched the app in March the response on Reddit was: _"Have you been audited or should we just ignore you?"_.

We have a growing number of enthusiasts using SimpleX Chat who can accept the security risks of unaudited system, but the users who depend on their security were patiently waiting until some independent experts validate our claims.

Trail of Bits, a US based security and technology consultancy whose clients include big tech companies, governmental agencies and major blockchain projects, had 2 engineers reviewing SimpleX Chat, specifically simplexmq library that is responsible for all cryptography and networking of SimpleX platform.

2 medium and 2 low severity issues were identified, all of which require a high difficulty attack to exploit – the attacker would need to have a privileged access to the system, may need to know complex technical details, or must discover other weaknesses to exploit them. 3 of these issues are already fixed in v4.2.

Overall we have SimpleX Chat in a decent shape, with most reviewed areas other than identified issues being marked as "satisfactory", and authentication and access controls as "strong".

The issues are explained below, and the full security review is available via Trail of Bits publications.

We are hugely thankful to Trails Of Bits and their engineers for the work they did, helping us identify these issues and strengthen the security of SimpleX Chat.

**Medium severity issues****X3DH key exchange for double ratchet protocol**

We made a mistake implementing X3DH key exchange - the key derivation function was not applied to the result of concatenation of three DH operations. The attack to exploit this mistake has high complexity, as it would require compromising one of private keys generated by the clients, and also it would only affect forward secrecy until break-in recovery happens (after both sides sent some messages).

Please note that SimpleX does not perform X3DH with long-term identity keys, as the SimpleX protocol does not rely on long-term keys to identify client devices. Therefore, the impact of compromising a key will be less severe, as it will affect only the secrets of the connection where the key was compromised.

This issue is fixed in version 4.2 in this PR, and if both clients are updated the key exchange will not have this vulnerability. Also, previously created connections should be secure as long as both sides sent the messages, but if you believe that your private key(s) could have been compromised (for example, if you used SimpleX Chat since before we added database encryption), we recommend that you create the new connections with your contacts, at least with the security-critical ones. Simply rotating the connection queue (manual queue rotation is added in version 4.2) will not be sufficient, as this rotation does not re-initialize the ratchets - this is something we will be adding in the future.

**Keys are stored in unpinned memory and not cleared after their lifetime**

The problem here is that the memory with cryptographic keys can be swapped to the storage and potentially accessed by an attacker who has root-level access to the device (or the level of access required to access swap file of the application). So, if you are running SimpleX Chat on desktop you could improve its security by running it in an isolated container.

On mobile operating systems it is less severe as each application already runs in its own container, and applications do not share access to their swap areas (e.g., on Android swap is a compressed area in RAM not accessible to other applications).

To exploit this issue an attacker needs to have a privileged system access to the device. Also, we believe Haskell generational garbage collection makes the lifetime of unused memory lower than in other languages.

We will be addressing this issue in the near future, possibly by using library secure-memory created by Kirill Elagin, an engineer at Serokell, or some other similar approach.

**Low severity issues****The functions that do string padding and unpadding can throw exceptions**

Both these issues are fixed in 4.2 in this PR, with the additional unit tests, and we also validated that even before the fix the strings that would cause such exception were never passed to this function – we could not find the possibility of the attack that would succeed because of this issue.

**What's next**

There are areas of SimpleX Chat that were out of scope of this review, specifically:

*   the chat protocol implementation and mobile UIs, as they includes no cryptography of networking (with the exception of Android app storing encrypted database passphrase and key exchange/encryption for WebRTC calls).
*   push notifications server that is used by iOS clients.

We will be arranging to review these areas separately.

**The new website**

Our previous website was created 2 years ago to present SimpleX idea, there was no SimpleX Chat at the time - we only had a prototype implementation of SimpleX Messaging Protocol server then.

A lot of people told us that our website didn't explain well enough who SimpleX Chat is for, what problems it solves, and how it is different from the alternatives. So, while we love to be focused on the chat application, we decided to make the new one.

We hope that our new website better answers these questions. If you think something should be added/removed/changed - please let us know. Thank you!

**SimpleX Chat v4.2 released!**

New in this release:

*   fixed 3 issues from the security audit!
*   group links - group admins can create the links for new members to join
*   auto-accept contact requests + configure whether to accept incognito and welcome message
*   small things: change group member role, mark chat as unread, send stickers and GIFs from Android keyboards.

Beta features (enable Developer tools to try them):

*   manually switch contact or member to another address / server (it has to be supported by both clients to work)
*   receive files faster (enable it in Privacy & Security settings)

**Group links**

    

It's been requested by many users - to be able to join a group via link. Because SimpleX Chat groups are fully decentralised, and there is no server-side state, joining via these links requires the participation of the link creator who has to be online to accept the group joining request.

The way it works under the hood is similar to how contact addresses work:

1.  Group admin or owner creates a long term address that is technically the same as a user address, but it is associated with a specific group.
2.  The user that joins the group can identify that this link belongs to some group by an additional piece of data in the link - {"type": "group", "groupLinkId": "some random string"}. The ID in this link does not represent a group identity, every time any user creates a new link for the same group, this ID will be different. This ID is used by the joining client to identify the group and automatically accept the invitation when it is received.
3.  When admin receives a connection request, they automatically accept it and send invitation link to join the group.
4.  The joining user compares the ID in the invitation with the ID in the link, and if they match – automatically accepts the invitation.

After that it works as when joining via the manual invitation - the joining user will be establishing the connection with all existing members to be able to send messages to the group.

The link can be created via the group page, as shown on the picture.

We have several groups you can join to ask any questions or just to test the app:

*   #SimpleX-Group: a general group with more than a 100 members where you can ask any questions.
    
*   Several groups by countries/languages: #SimpleX-DE (German), #SimpleX-US (US/English), #SimpleX-France, #SimpleX-RU (Russian), #SimpleX-NL (Netherlands/Dutch), #SimpleX-IT (Italian).
    

You can join these groups either by opening these links in the app or by opening them in desktop browser and scanning QR code.

Let me know if you'd like to add some other countries to the list. Join via the apps to share what's going on and ask any questions!

**Auto-accept contact requests**

    

When somebody connects to you via your long-term address you have to manually accept a connection request (it shows in blue color in the list of chats). The feature that we added in this release allows to configure the app to accept contact requests automatically, and also choose whether this contact should receive your main profile or a random incognito profile (independent of the current app setting), and add an optional auto-reply message.

This feature is useful if you publish your address on your webpage or social profile, and do not want to screen people who want to connect to you. You may want to send a standard welcome message, for example, if it is an online store, and you need to share any information with everybody who contacts you.

Our @simplex account that you connect to when you choose "Connect to developers" in the app used this feature for a long time, and now it is available to mobile app users.

**Some small things**

1.  Changing group member role is a very basic feature, but it was only added in this release.
    
2.  You can now mark a conversation as unread, for example if you accidentally marked all messages as read and you want to review it later.
    
3.  Send stickers and GIFs from Android keyboards, and, finally, the bug with backspace button is resolved as well.
    

**Change your delivery address (BETA)**

To manually switch any of your contacts (or a group member to a new server address) enable Developer tools and choose "Change receiving address" on the contact page. As long as they run a new version of the app and online, the switch should only take a few seconds.

That is a major improvement of metadata privacy of SimpleX protocols, because previously, while we didn't have user identifiers, the pairwise identifiers of messaging queues used to deliver messages were used for as long as the contact existed. Now these identifiers are temporary, and in a near future we will be adding automatic rotation of these delivery addresses.

It is also useful when you want to migrate message delivery to another server, for example, if you used SimpleX Chat default servers and now want to self-host your own. Or, maybe, you need to change the address of your server. Previously it would require creating new contacts and losing conversation histories, and now all you have to do is to change server configuration in the app, and when the change of the address is triggered (currently, only manually, and in the near future - automatically), your contacts will be migrated to a new server, without you doing anything - it only requires each party sending 2 messages to negotiate the reconnection, and it would also rotate the encryption keys used for the outer layer of E2E encryption.

**Receive images and small files faster (BETA)**

From version 4.2 all files smaller than ~92kb (equal to 6 message blocks) will be sent in the same connection where you have the chat, and files smaller than ~231kb (the limit for image size) can also be optionally received via the same connection – the latter requires enabling "Transfer images faster" in Privacy & security settings (it will be available after you enable Developer tools). There are two reasons why it is not on by default yet: 1) we wanted to ensure it is stable; 2) there is a small effect on metadata privacy of having a burst of traffic in the same connection where you are having the main conversation.

This functionality was created for the future voice messages, as they need to be sent without acceptance, so that the recipients can listen to them even when the sender is offline.

**SimpleX platform**

Some links to answer the most common questions:

How can SimpleX deliver messages without user identifiers.

What are the risks to have identifiers assigned to the users.

Technical details and limitations.

How SimpleX is different from Session, Matrix, Signal, etc..

Please also see the information on our new website - it also answers all these questions.

**Help us with donations**

Huge thank you to everybody who donated to SimpleX Chat!

We are prioritizing users privacy and security - it would be impossible without your support.

Our pledge to our users is that SimpleX protocols are and will remain open, and in public domain, - so anybody can build the future implementations of the clients and the servers. We are building SimpleX platform based on the same principles as email and web, but much more private and secure.

Your donations help us raise more funds – any amount, even the price of the cup of coffee, makes a big difference for us.

It is possible to donate via:

*   GitHub - it is commission-free for us.
*   OpenCollective - it charges a commission, and also accepts donations in many crypto-currencies.
*   Monero wallet: 8568eeVjaJ1RQ65ZUn9PRQ8ENtqeX9VVhcCYYhnVLxhV4JtBqw42so2VEUDQZNkFfsH5sXCuV7FN8VhRQ21DkNibTZP57Qt
*   Bitcoin wallet: 1bpefFkzuRoMY3ZuBbZNZxycbg7NYPYTG
*   please let us know, via GitHub issue or chat, if you want to make a donation in some other cryptocurrency - we will add the address to the list.

Thank you,

Evgeny

SimpleX Chat founder

CVE-2022-45195: Security assessment by Trail of Bits, the new website and v4.2 released

Military veterans tend to have the kind of skills that would make them effective cybersecurity professionals, but making the transition is not that easy.

Organizations are struggling to fill cybersecurity positions. That may be because they aren't utilizing security staff efficiently and so they need more people. It could also just be that the increase in threats means there is more work to be done. For whatever reason, organizations are casting a wider net to find talented and skilled professionals to staff up their security teams, and they are increasingly courting former military personnel.

"The level of training these individuals receive to protect our most critical infrastructure and carry out cyber operations against our adversaries goes far beyond most private sector offerings and is highly transferable to a career in the private sector," Carl Wright, chief commercial officer at AttackIQ, told Dark Reading earlier this year.

As an employee group, veterans exhibit characteristics that make them particularly well-suited for the cybersecurity workforce, the National Institute for Standards and Technology wrote in a special publication (SP1500-16) on helping veterans transition into private IT sector roles. "Their military experience has provided them with years of cybersecurity experience in 'live fire' scenarios, working on systems comparable to those found in the civilian work environment," according to the document. Veterans already possessing security clearances will also be very attractive as job candidates.

They may also have the requisite security certifications. Vendor-neutral certifications are particularly ubiquitous among military personnel, according to the most recent Cybersecurity Workforce Study from (ISC)2.

However, many veterans find making that switch from the military to private sector can be difficult. Veteran-hiring initiatives exist, both inside and outside of industry, but many of these programs are not discovered until too late, NIST said. "Veterans may not find information about these programs, may not see how their military experience translates to job-readiness in the private sector, or may need assistance in gaining certifications necessary to qualify for some private-sector cybersecurity roles," NIST said.

Veterans who did not work in cybersecurity while in the military still have valuable skills that they bring to the field, however. The military emphasizes teamwork, adaptability, and responsibility, all traits that security professionals need to have. Military personnel are also trained in careful decision-making even under extreme pressure using the available information. For example, Josh Smith, a cybersecurity analyst at Nuspire, told Dark Reading earlier this year how the same skills he relied on in the US Navy to ingest data, analyze what was received, disseminate the information to appropriate parties, and take action based on the findings translate to cybersecurity roles.

Earlier this year, the White House National Cyber Workforce and Education Summit issued a call to action to increase cybersecurity education and training opportunities. One of the announcements was to encourage more apprenticeship programs to help develop and train the cybersecurity workforce. In the months since, there have been a number of initiatives from cybersecurity organizations, including SANS Institute.

Many colleges and universities have training programs specifically to give veterans hands-on experience in various areas. Cybersecurity training platform Cybrary said this week it is partnering with VetSec, a community of over 3,300 veterans working in or transitioning into cybersecurity, and TechVets, a bridge service for moving veterans, service leavers, reservists, and their families into IT careers.

Private companies are partnering with veterans' organizations as well. For example, consulting giant Accenture offers a military veteran technology program, as does networking titan Cisco. Microsoft Software and Systems Academy (MSSA) was created to provide transitioning service members and veterans with career skills needed in the modern tech industry. Arctic Wolf, for example, works with the Department of Defense's SkillBridge program to provide a path to reentry into the workforce for those leaving the military.

Such efforts seem to be paying off. According to the US Department of Labor, unemployment among veterans is running nearly a full percentage point below the general population; in October 2022, only 2.7% of veterans were unemployed, compared to 3.6% overall.

Why Cybersecurity Should Highlight Veteran-Hiring Programs

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   By Plan
    *   Enterprise
    *   Teams
    *   Compare all
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

CVE-2022-41904: Release v1.9.7 · vector-im/element-ios

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.

  

**Summary**

A security problem for CVE-2022-34331 was addressed where switches configured to monitor network traffic for malicious activity are not effective because of errant adapter configuration changes. The misconfigured adapter can cause network traffic to flow directly between the VFs and not out the physical port hence bypassing any possible monitoring that could be configured in the switch. Packets may not be forwarded after a firmware update, or after certain error scenarios which require an adapter reset. Users configuring or using VEPA mode should install this update. These fixes pertain to adapters with the following Feature Codes and CCINs: #EC2R/EC2S with CCIN 58FA; #EC2T/EC2U with CCIN 58FB; and #EC66/EC67 with CCIN 2CF3. Update instructions: https://www.ibm.com/docs/en/power10?topic=updates-sr-iov-firmware-update

**Vulnerability Details**

**CVEID:**   CVE-2022-34331  
**DESCRIPTION:**   After performing a sequence of Power FW maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled.  
CVSS Base score: 5.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229695 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L)

**Affected Products and Versions**

Affected Product(s)

Version(s)

PowerVM Hypervisor

FW1010 and later

PowerVM Hypervisor

FW950 and later

  

**Remediation/Fixes**

Customers with the products below should install FW950.50(950\_105), FW1010.40(1010\_146) or newer to remediate this concern.

Power 9

1) IBM Power System S922 (9009-22A, 9009-22G)

2) IBM Power System H922 (9223-22H, 9223-22S)

3) IBM Power System S914 (9009-41A, 9009-41G)

4) IBM Power System S924 (9009-42A, 9009-42G)

5) IBM Power System H924 (9223-42H, 9223-42S)

6) IBM Power System E950 (9040-MR9)

7) IBM Power System E980 (9080-M9S)

Power 10

1) IBM Power System E1080 (9080-HEX)

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

20 Oct 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"HW1A1","label":"Power Systems"},"Component":"","Platform":\[{"code":"PF009","label":"Firmware"}\],"Version":"all","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}\]

CVE-2022-34331: Security Bulletin: This Power System update is being released to address CVE 2022-34331

Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2022.3 IPU – BIOS Advisory**

**Summary: **

Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-26006

Description: Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-21198

Description: Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.9 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

**Affected Products:**

CVE-2022-26006

**Product Collection**

**Vertical Segment**

**CPU ID**

**Platform ID**

Intel® Xeon® Processor E5 v3 Family

Server

306F2

6F

Intel® Xeon® Processor E5 v4 Family,  
Intel® Core™ X-Series Processors

Server

406F1

EF

_1This product has met its End of Servicing Updates (ESU).  For customers interested in extending updates beyond ESU, please contact your Intel representative for details._

CVE-2022-21198

**Product Collection**

**Vertical Segment**

**CPU ID**

**Platform ID**

11th Gen Intel® Core™ processor

Intel® Xeon® W processor

Server, Workstation

A0671

02

11th Gen Intel® Core™ processor family

Desktop

A0671

02

11th Generation Intel® Core Processor Family

Mobile

806D1

806C1

806C2

C2

80

12th Generation Intel® Core™ Processor Family

Intel® Pentium® Gold Processor Family

Intel® Celeron® Processor Family

Desktop

90672

90675

01

12th Generation Intel® Core Processor Family

Mobile

906A3  
906A4

11

12th Generation Intel® Core™ Processor Family

Intel® Pentium® Gold Processor Family

Intel® Celeron® Processor Family

Mobile

906A4

07

10th Generation Intel® Core™ Processor Family

Mobile

706E5

80

Intel® Core™ Processors with Intel® Hybrid Technology

Mobile

806A1

10

Intel® Pentium® Silver N6000 Processor Family, Intel® Celeron® N4000 and N5000 Processor Families

Desktop,

Mobile

906C0

01

10th Generation Intel® Core™ Processors

Desktop,

Workstation

A0653

A0655

22

10th Generation Intel® Core™ Processors

Intel® Xeon® W processor family

Mobile,

Workstation

A0660

A0661

80

10th Generation Intel® Core™ Processor Family

Intel® Xeon® W processor family

Mobile,

Workstation

A0652

20

10th Gen Intel® Core™ processor

10000/1200 series

Pentium® Gold processor series

Celeron® processor 5000 series

Mobile

806EC

94

**Recommendations:**

Intel recommends that users of listed Intel® Processors update to the latest versions provided by the system manufacturer that addresses these issues.

**Acknowledgements:**

These  issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21198: INTEL-SA-00688

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® NUC Firmware Advisory**

Intel ID:

INTEL-SA-00752

Advisory Category:

Firmware

Impact of vulnerability:

Escalation of Privilege, Denial of Service

Severity rating:

HIGH

Original release:

11/08/2022

Last revised:

11/08/2022

**Summary: **

Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2021-33164

Description: Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-33176

Description: Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-37345

Description: Improper authentication in BIOS firmware for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.8 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-21794

Description: Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.7 High

CVSS Vector:  CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-34152

Description: Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.7 High

CVSS Vector:  CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-32569

Description: Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-36789

Description: Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-35276

Description: Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-38099

Description: Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-26124

Description: Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-36370

Description: Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-37334

Description: Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.0 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-36349

Description: Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.2 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Affected Products:  

Product

Download Link

CVE ID

Intel® NUC Mini PC NUC8i7INH and NUC8i5INH.

INWHL357.0046

CVE-2021-33164

Intel® NUC 11 Performance kit – NUC11PAHi70Z, NUC11PAHi50Z, NUC11PAHi30Z, NUC11PAHi3, NUC11PAHi5, NUC11PAHi7, NUC11PAKi3, NUC11PAKi5, NUC11PAKi7.

Intel® NUC 11 Performance Mini PC - NUC11PAQi50WA, NUC11PAQi70QA.

BIOS Update \[PATGL357\]

CVE-2022-33176

Intel® NUC Kit - NUC5i3RYH, NUC5i7RYH, NUC5i5RYK, NUC5i5RYH, NUC5i3RYK, NUC5i5RYHS, NUC5i3RYHS, NUC5i3RYHSN.

BIOS Update \[RYBDWi35\]

CVE-2022-37345

Intel® NUC Kit - NUC8i7HNK, NUC8i7HVK.

Intel® NUC 8 Enthusiast - NUC8i7HVKVA, NUC8i7HVKVAW.

Intel® NUC 8 Business - NUC8i7HNKQC.

BIOS Update \[HNKBLi70\]

CVE-2022-21794

Intel® NUC Kit - DE3815TYKHE.

Intel® NUC Board - DE3815TYBE.

BIOS Update \[TYBYT10H\]

CVE-2022-34152

Intel® NUC M15 Laptop Kit

BIOS Update for the Intel® NUC M15 Laptop Kit

CVE-2022-32569

Intel® NUC 10 Performance kit - NUC10i7FNHN, NUC10i5FNKN, NUC10i5FNHN, NUC10i7FNKN, NUC10i3FNHN, NUC10i3FNKN.

Intel® NUC 10 Performance Mini PC - NUC10i5FNHJA, NUC10i3FNHF, NUC10i7FNKPA, NUC10i5FNHCA, NUC10i3FNHFA, NUC10i5FNHJ, NUC10i7FNHC, NUC10i7FNHJA, NUC10i3FNHJA, NUC10i3FNK, NUC10i7FNHAA, NUC10i5FNH, NUC10i5FNK, NUC10i7FNH, NUC10i5FNHF, NUC10i5FNKPA, NUC10i3FNH, NUC10i7FNK, NUC10i7FNKP, NUC10i5FNKP.

BIOS Update \[FNCML357\]

CVE-2022-36789

Intel® NUC 8 Compute Element - CM8i7CB, CM8i3CB, CM8CCB, CM8i5CB, CM8PCB.

BIOS Update \[CBWHL357\]

CVE-2022-35276

Intel® NUC 8 Rugged Kit NUC8CCHKRN, NUC8CCHKR.

Intel® NUC 8 Rugged Board - NUC8CCHBN.

Intel® NUC Board - NUC8CCHB.

BIOS Update \[CHAPLCEL\]

CVE-2022-26124

Intel® NUC Board - NUC5i3MYBE.

Intel® NUC Kit - NUC5i3MYHE.

BIOS Update \[MYBDWi30\]

CVE-2022-36370

Intel® NUC 11 Pro Kit - NUC11TNHi70Z, NUC11TNKi70Z, NUC11TNKi30Z, NUC11TNHi30Z, NUC11TNKi50Z, NUC11TNHi50Z, NUC11TNBi30Z, NUC11TNBi50Z, NUC11TNBi70Z, NUC11TNHi3, NUC11TNHi5.

BIOS Update \[TNTGL357\]

CVE-2022-37334

Intel® NUC Board - NUC5i3MYBE.

Intel® NUC Kit - NUC5i3MYHE.

BIOS Update \[MYBDWi30\]

CVE-2022-36349

**Recommendations:**

Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see provided table above).

**Acknowledgements:**

The following issues were found internally by Intel employees; CVE-2021-33164 and CVE-2022-37334. Intel would like to thank Benny Zeltser, Yehonatan Lusky (CVE-2021-33164) and Brent Holtsclaw (CVE-2022-37334).

Intel would like to thank Yngweijw (Jiawei Yin) (CVE-2022-33176, CVE-2022-37345, CVE-2022-21794, CVE-2022-34152, CVE-2022-36789, CVE-2022-35276, CVE-2022-36370), the BINARLY efiXplorer team (CVE-2022-32569), Dmitry Frolov (CVE-2022-26124, CVE-2022-38099) and the TCG Vulnerability Response Team (CVE-2022-36349).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#ios