Multiple vulnerabilities in several Intel processors

Published: 2019-11-27 | Updated: 2019-12-11

Risk	Low
Patch available	NO
Number of vulnerabilities	6
CVE-ID	CVE-2019-0124 CVE-2019-0123 CVE-2019-0152 CVE-2019-0151 CVE-2019-11157 CVE-2019-14607
CWE-ID	CWE-264 CWE-703
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	6th Generation Intel Core Processors Hardware solutions / Firmware 7th Generation Intel Core Processors Hardware solutions / Firmware 8th Generation Intel Core Processors Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware Intel Xeon Processor E3 v5 Family Hardware solutions / Firmware Intel Xeon Processor E3 v6 Family Hardware solutions / Firmware Intel Xeon Processor E-2100 Family Hardware solutions / Firmware Intel Xeon Processor E-2200 Family Hardware solutions / Firmware 2nd Generation Intel Xeon Scalable Processors Hardware solutions / Firmware Intel Xeon Processor D 2100 Hardware solutions / Firmware Intel Xeon Processor D 3100 Hardware solutions / Firmware Intel Xeon Processor W 2100 Hardware solutions / Firmware Intel Xeon Processor W 3100 Hardware solutions / Firmware 4th generation Intel Core processors Hardware solutions / Firmware 5th generation Intel Core processors Hardware solutions / Firmware Intel vPro Eligible Processors Hardware solutions / Firmware Intel Xeon Processor E3 v2 Family Hardware solutions / Firmware Intel Xeon Processor E3 v3 Family Hardware solutions / Firmware Intel Xeon Processor E3 v4 Family Hardware solutions / Firmware Intel Xeon Processor E5 v2 Family Hardware solutions / Firmware Intel Xeon Processor E5 v3 Family Hardware solutions / Firmware Intel Xeon Processor E5 v4 Family Hardware solutions / Firmware Intel Xeon Processor E7 v2 Family Hardware solutions / Firmware Intel Xeon Processor E7 v3 Family Hardware solutions / Firmware Intel Xeon Processor E7 v4 Family Hardware solutions / Firmware Intel Xeon Processor D 1500 Hardware solutions / Firmware Intel Xeon Processor E Family Hardware solutions / Firmware Intel Celeron Processor G Series Hardware solutions / Firmware Intel Xeon D Processors Hardware solutions / Firmware Intel Xeon W Processors Hardware solutions / Firmware 8th Generation Intel Core i9 Hardware solutions / Firmware 9th Generation Intel Core i9 Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers Intel Xeon Scalable Processors Hardware solutions / Other hardware appliances
Vendor	Intel

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

Updated 29.11.2019

Added vulnerabilities #3-4

Updated 11.12.2019

Added vulnerabilities #5-6

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23016

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-0124

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection, when supporting TXT. A local user can enable escalation of privilege on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

CPE2.3

cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23015

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-0123

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection, when supporting SGX. A local user can enable escalation of privilege on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

CPE2.3

cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23090

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-0152

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Processor D 2100: All versions

Intel Xeon Processor D 3100: All versions

Intel Xeon Processor W 2100: All versions

Intel Xeon Processor W 3100: All versions

CPE2.3

cpe:2.3:h:intel:intel_xeon_scalable_processors:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23089

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-0151

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in Intel TXT. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

4th generation Intel Core processors: All versions

5th generation Intel Core processors: All versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

Intel vPro Eligible Processors: All versions

Intel Xeon Processor E3 v2 Family: All versions

Intel Xeon Processor E3 v3 Family: All versions

Intel Xeon Processor E3 v4 Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E5 v2 Family: All versions

Intel Xeon Processor E5 v3 Family: All versions

Intel Xeon Processor E5 v4 Family: All versions

Intel Xeon Processor E7 v2 Family: All versions

Intel Xeon Processor E7 v3 Family: All versions

Intel Xeon Processor E7 v4 Family: All versions

Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Processor D 1500: All versions

Intel Xeon Processor D 2100: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

Intel Xeon Processor W 2100: All versions

Intel Xeon Processor W 3100: All versions

CPE2.3

cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU23542

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11157

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to improper conditions check in voltage settings. A local user can enable escalation of privilege and/or information disclosure on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

9th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

Intel Xeon Processor E Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

Intel Celeron Processor G Series: All versions

CPE2.3

cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU23547

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-14607

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper conditions check. A local user can enable partial escalation of privilege and cause a denial of service and/or information disclosure on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Scalable Processors: All versions

Intel Xeon D Processors: All versions

Intel Xeon W Processors: All versions

8th Generation Intel Core i9: All versions

9th Generation Intel Core i9: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E Family: All versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

10th Generation Intel Core Processors: All versions

CPE2.3

cpe:2.3:h:intel:2nd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?