CVE-2021-33060

Home/CVE/Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially ena

CVE

Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially ena

Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

HIGH · CVSS 7.8 EPSS 0.00237

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-787Out-of-bounds Write

▤

Affected Products & Versions

intel xeon gold 5315y firmwareall versions
intel xeon gold 5317 firmwareall versions
intel xeon gold 5318n firmwareall versions
intel xeon gold 5318s firmwareall versions
intel xeon gold 5318y firmwareall versions
intel xeon gold 5320 firmwareall versions
intel xeon gold 5320t firmwareall versions
intel xeon gold 6312u firmwareall versions
Show all 60 affected productsintel xeon gold 6314u firmwareall versions
intel xeon gold 6326 firmwareall versions
intel xeon gold 6330 firmwareall versions
intel xeon gold 6330n firmwareall versions
intel xeon gold 6334 firmwareall versions
intel xeon gold 6336y firmwareall versions
intel xeon gold 6338 firmwareall versions
intel xeon gold 6338n firmwareall versions
intel xeon gold 6338t firmwareall versions
intel xeon gold 6342 firmwareall versions
intel xeon gold 6346 firmwareall versions
intel xeon gold 6348 firmwareall versions
intel xeon gold 6354 firmwareall versions
intel xeon platinum 8351n firmwareall versions
intel xeon platinum 8352m firmwareall versions
intel xeon platinum 8352s firmwareall versions
intel xeon platinum 8352v firmwareall versions
intel xeon platinum 8352y firmwareall versions
intel xeon platinum 8358 firmwareall versions
intel xeon platinum 8358p firmwareall versions
intel xeon platinum 8360y firmwareall versions
intel xeon platinum 8362 firmwareall versions
intel xeon platinum 8368 firmwareall versions
intel xeon platinum 8368q firmwareall versions
intel xeon platinum 8380 firmwareall versions
intel xeon silver 4309y firmwareall versions
intel xeon silver 4310 firmwareall versions
intel xeon silver 4310t firmwareall versions
intel xeon silver 4314 firmwareall versions
intel xeon silver 4316 firmwareall versions
intel xeon gold 6330h firmwareall versions
intel xeon platinum 8356h firmwareall versions
intel xeon platinum 8360h firmwareall versions
intel xeon platinum 8360hl firmwareall versions
intel xeon gold 5318h firmwareall versions
intel xeon gold 5320h firmwareall versions
intel xeon gold 6328h firmwareall versions
intel xeon gold 6328hl firmwareall versions
intel xeon gold 6348h firmwareall versions
intel xeon platinum 8353h firmwareall versions
intel xeon platinum 8354h firmwareall versions
intel xeon platinum 8376h firmwareall versions
intel xeon platinum 8376hl firmwareall versions
intel xeon platinum 8380h firmwareall versions
intel xeon platinum 8380hl firmwareall versions
netapp aff c190 firmwareall versions
netapp aff a200 firmwareall versions
netapp aff a220 firmwareall versions
netapp aff a250 firmwareall versions
netapp aff a300 firmwareall versions
netapp aff a320 firmwareall versions
netapp aff a400 firmwareall versions

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.1 · secure@intel.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD18 Aug 2022 · 08:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://security.netapp.com/advisory/ntap-20220930-0004/Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.htmlVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin