CVE-2022-29919

7.8 HIGH

📋 TL;DR

CVE-2022-29919 is a use-after-free vulnerability in Intel VROC (Virtual RAID on CPU) software that allows authenticated local users to potentially escalate privileges. This affects systems running Intel VROC software before version 7.7.6.1003. The vulnerability requires local access and authentication to exploit.

💻 Affected Systems

Products:
  • Intel Virtual RAID on CPU (VROC) software
Versions: All versions before 7.7.6.1003
Operating Systems: Windows, Linux (specific distributions supporting Intel VROC)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel VROC software installed. Requires local authenticated access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains full system administrator privileges, potentially compromising the entire system and accessing sensitive data.

🟠 Likely Case

Privileged local user escalates to higher privileges, enabling unauthorized system modifications or data access.

🟢 If Mitigated

With proper access controls and patching, the attack surface is limited to authorized users only, reducing overall risk.

🌐 Internet-Facing: LOW - Requires local access and authentication, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local authenticated users could exploit this, but requires specific Intel VROC software presence.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access. No public exploit code available at time of advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.7.6.1003 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html

Restart Required: Yes

Instructions:

1. Download Intel VROC version 7.7.6.1003 or later from Intel's website.
2. Back up the system.
3. Run the installer with administrative privileges.
4. Restart the system as prompted.

🔧 Temporary Workarounds

  • Restrict local access (all platforms): Limit local user access to systems with Intel VROC software installed
  • Disable Intel VROC if not needed (all platforms): Remove or disable Intel VROC software if RAID functionality is not required

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to affected systems
  • Monitor for suspicious privilege escalation attempts and system modifications

🔍 How to Verify

Check if Vulnerable:

Check Intel VROC software version via system information or vendor tools

Check Version:

On Windows: Check Programs and Features. On Linux: Check package manager or vendor tools.

Verify Fix Applied:

Verify Intel VROC version is 7.7.6.1003 or higher after update
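The version check above, applied to a fleet inventory, as an added example that is not part of the original advisory or any Intel tooling. It assumes (hypothetically) that installed VROC versions have already been exported as (host, version string) pairs; the host names and versions in the sample are constructed. Versions are compared numerically per field, and unparseable values are reported as unknown rather than assumed patched.

```python
import re

FIXED = (7, 7, 6, 1003)  # first fixed version, taken from the advisory text above

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted numeric version."""
    if not isinstance(text, str) or not re.fullmatch(r"\d+(\.\d+){0,3}", text.strip()):
        return None
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad short versions: "7.8" -> 7.8.0.0

def classify(version_text):
    """Classify one reported version against the fixed release."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never treat missing or odd data as patched
    return "patched" if version >= FIXED else "vulnerable"

def triage(inventory):
    """Group hosts by status so vulnerable and unknown hosts can be followed up."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "7.7.6.1003"),
    ("ws-02", "7.7.6.1002"),
    ("srv-03", "7.7.10.5"),         # newer numerically; a string compare would call it older
    ("srv-04", "7.8"),
    ("srv-05", "7.5.0.1"),
    ("srv-06", ""),                 # version not reported
    ("srv-07", "7.7.6.1003-beta"),  # unexpected suffix
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```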

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Intel VROC service crashes or unusual behavior
  • Failed authentication attempts followed by successful privilege changes

Network Indicators:

  • Local system calls to Intel VROC components with privilege changes

SIEM Query:

(EventID=4688 OR ProcessName contains 'VROC') AND (PrivilegeList contains 'SeDebugPrivilege' OR NewProcessName contains 'cmd.exe')
