Intel publishes UEFI vulnerabilities; mitigations available, local access required

Intel has identified a range of security flaws in the UEFI for many of its products that could allow privilege escalation. It’s worth updating your device when patches arrive, and staying aware of who is near your rig for now. The most severe issues score 8.7 on the CVSS scale and stem from improper input validation, which can enable local code execution.

Though local access is required, neither of the 8.7 vulnerabilities 'involves special internal knowledge and requires no user interaction'. Requiring local access means most users aren’t immediately at risk without the update, but keeping systems current is still advisable.

Severity reflects exploit complexity and impacts on confidentiality, integrity and availability, and many reported problems remain hypothetical in nature. Intel notes it follows coordinated disclosure, which generally delays public reporting until mitigations are available.

intel, uefi, vulnerabilities, privilege escalation, cvss 8.7, input validation, local access, code execution, mitigations, coordinated disclosure