Multiple vulnerabilities in several Intel processors



Published: 2019-11-27 | Updated: 2019-12-11
Risk Low
Patch available NO
Number of vulnerabilities 6
CVE-ID CVE-2019-0124
CVE-2019-0123
CVE-2019-0152
CVE-2019-0151
CVE-2019-11157
CVE-2019-14607
CWE-ID CWE-264
CWE-703
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
6th Generation Intel Core Processors
Hardware solutions / Firmware

7th Generation Intel Core Processors
Hardware solutions / Firmware

8th Generation Intel Core Processors
Hardware solutions / Firmware

10th Generation Intel Core Processors
Hardware solutions / Firmware

Intel Xeon Processor E3 v5 Family
Hardware solutions / Firmware

Intel Xeon Processor E3 v6 Family
Hardware solutions / Firmware

Intel Xeon Processor E-2100 Family
Hardware solutions / Firmware

Intel Xeon Processor E-2200 Family
Hardware solutions / Firmware

2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware

Intel Xeon Processor D 2100
Hardware solutions / Firmware

Intel Xeon Processor D 3100
Hardware solutions / Firmware

Intel Xeon Processor W 2100
Hardware solutions / Firmware

Intel Xeon Processor W 3100
Hardware solutions / Firmware

4th generation Intel Core processors
Hardware solutions / Firmware

5th generation Intel Core processors
Hardware solutions / Firmware

Intel vPro Eligible Processors
Hardware solutions / Firmware

Intel Xeon Processor E3 v2 Family
Hardware solutions / Firmware

Intel Xeon Processor E3 v3 Family
Hardware solutions / Firmware

Intel Xeon Processor E3 v4 Family
Hardware solutions / Firmware

Intel Xeon Processor E5 v2 Family
Hardware solutions / Firmware

Intel Xeon Processor E5 v3 Family
Hardware solutions / Firmware

Intel Xeon Processor E5 v4 Family
Hardware solutions / Firmware

Intel Xeon Processor E7 v2 Family
Hardware solutions / Firmware

Intel Xeon Processor E7 v3 Family
Hardware solutions / Firmware

Intel Xeon Processor E7 v4 Family
Hardware solutions / Firmware

Intel Xeon Processor D 1500
Hardware solutions / Firmware

Intel Xeon Processor E Family
Hardware solutions / Firmware

Intel Celeron Processor G Series
Hardware solutions / Firmware

Intel Xeon D Processors
Hardware solutions / Firmware

Intel Xeon W Processors
Hardware solutions / Firmware

8th Generation Intel Core i9
Hardware solutions / Firmware

9th Generation Intel Core i9
Hardware solutions / Firmware

9th Generation Intel Core Processors
Client/Desktop applications / Web browsers

Intel Xeon Scalable Processors
Hardware solutions / Other hardware appliances

Vendor Intel

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

Updated 29.11.2019

Added vulnerabilities #3-4
Updated 11.12.2019
Added vulnerabilities #5-6

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23016

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-0124

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection, when supporting TXT. A local user can enable escalation of privilege on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23015

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-0123

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection, when supporting SGX. A local user can enable escalation of privilege on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23090

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-0152

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Processor D 2100: All versions

Intel Xeon Processor D 3100: All versions

Intel Xeon Processor W 2100: All versions

Intel Xeon Processor W 3100: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23089

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-0151

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in Intel TXT. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

4th generation Intel Core processors: All versions

5th generation Intel Core processors: All versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

Intel vPro Eligible Processors: All versions

Intel Xeon Processor E3 v2 Family: All versions

Intel Xeon Processor E3 v3 Family: All versions

Intel Xeon Processor E3 v4 Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E5 v2 Family: All versions

Intel Xeon Processor E5 v3 Family: All versions

Intel Xeon Processor E5 v4 Family: All versions

Intel Xeon Processor E7 v2 Family: All versions

Intel Xeon Processor E7 v3 Family: All versions

Intel Xeon Processor E7 v4 Family: All versions

Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Processor D 1500: All versions

Intel Xeon Processor D 2100: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

Intel Xeon Processor W 2100: All versions

Intel Xeon Processor W 3100: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU23542

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-11157

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to improper conditions check in voltage settings. A local user can enable escalation of privilege and/or information disclosure on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Xeon Processor E Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

Intel Celeron Processor G Series: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU23547

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14607

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper conditions check. A local user can enable partial escalation of privilege and cause a denial of service and/or information disclosure on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Scalable Processors: All versions

Intel Xeon D Processors: All versions

Intel Xeon W Processors: All versions

8th Generation Intel Core i9: All versions

9th Generation Intel Core i9: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E Family: All versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###