Beware of Critical Flaws in Some Intel NUC Firmware Updates

CVE: CVE-2023-34438
CVSS (v3.1): 7.5
Source: CVE-2023-34438

Intel NUC mini PCs are popular compact desktop computers used by many. However, according to a new security advisory, some versions of the firmware used in Intel NUC devices contain a vulnerability that could allow a local attacker to gain elevated privileges on the system.

The flaw, tracked as CVE-2023-34438, is a race condition in the BIOS firmware of an unknown subset of Intel NUC models. A race condition occurs when two processes can affect each other in unexpected ways because of the order and timing of their operations. In this case, a privileged user with access to the system could potentially trigger the race condition to escalate their privileges to administrator-level access.

With full admin rights on the system, the attacker would then be able to install malware, view and steal sensitive files and data, make destructive changes, and more. Because the BIOS firmware is a low-level component that runs at startup, fixing such an issue requires a firmware update from the manufacturer.

Intel has released updates to address this vulnerability in supported NUC models. It is strongly recommended that all Intel NUC owners check for and apply any available BIOS updates from Intel immediately. You should also enable firmware passwords and consider other security measures to limit physical access to your NUC as much as possible until your system has been patched. Staying on top of security updates is crucial for protecting yourself from exploits of vulnerabilities like this one.
