
Multiple vulnerabilities in several Intel processors



Published: 2019-11-27 | Updated: 2019-12-11
Severity: Low
Patch available: NO
Number of vulnerabilities: 6
CVE ID: CVE-2019-0124, CVE-2019-0123, CVE-2019-0152, CVE-2019-0151, CVE-2019-11157, CVE-2019-14607
CWE ID: CWE-264, CWE-703
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
6th generation Intel Core processors
Hardware solutions / Firmware

7th generation Intel Core processors
Hardware solutions / Firmware

8th generation Intel Core processors
Hardware solutions / Firmware

10th generation Intel Core processors
Hardware solutions / Firmware

Intel Xeon Processor E3 v5 Family
Hardware solutions / Firmware

Intel Xeon Processor E3 v6 Family
Hardware solutions / Firmware

Intel Xeon Processor E-2100 Family
Hardware solutions / Firmware

Intel Xeon Processor E-2200 Family
Hardware solutions / Firmware

2nd Generation Intel Xeon Scalable Processor
Hardware solutions / Firmware

Intel Xeon Processor D 2100
Hardware solutions / Firmware

Intel Xeon Processor D 3100
Hardware solutions / Firmware

Intel Xeon Processor W 2100
Hardware solutions / Firmware

Intel Xeon Processor W 3100
Hardware solutions / Firmware

4th generation Intel Core processors
Hardware solutions / Firmware

5th generation Intel Core processors
Hardware solutions / Firmware

Intel vPro Eligible Processors
Hardware solutions / Firmware

Intel Xeon Processor E3 v2 Family
Hardware solutions / Firmware

Intel Xeon Processor E3 v3 Family
Hardware solutions / Firmware

Intel Xeon Processor E3 v4 Family
Hardware solutions / Firmware

Intel Xeon Processor E5 v2 Family
Hardware solutions / Firmware

Intel Xeon Processor E5 v3 Family
Hardware solutions / Firmware

Intel Xeon Processor E5 v4 Family
Hardware solutions / Firmware

Intel Xeon Processor E7 v2 Family
Hardware solutions / Firmware

Intel Xeon Processor E7 v3 Family
Hardware solutions / Firmware

Intel Xeon Processor E7 v4 Family
Hardware solutions / Firmware

Intel Xeon Processor D 1500
Hardware solutions / Firmware

Intel Xeon Processor E Family
Hardware solutions / Firmware

Intel Celeron Processor G Series
Hardware solutions / Firmware

Intel Xeon D Processors
Hardware solutions / Firmware

Intel Xeon W Processors
Hardware solutions / Firmware

8th Generation Intel Core i9
Hardware solutions / Firmware

9th Generation Intel Core i9
Hardware solutions / Firmware

9th generation Intel Core processors
Client/Desktop applications / Web browsers

Intel Xeon Scalable Processors
Hardware solutions / Other hardware appliances

Vendor: Intel

Security Advisory

Updated 29.11.2019: Added vulnerabilities #3-4

Updated 11.12.2019: Added vulnerabilities #5-6

1) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.1 [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-0124

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection when supporting TXT. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th generation Intel Core processors: -

7th generation Intel Core processors: -

8th generation Intel Core processors: -

9th generation Intel Core processors: -

10th generation Intel Core processors: -

Intel Xeon Processor E3 v5 Family: -

Intel Xeon Processor E3 v6 Family: -

Intel Xeon Processor E-2100 Family: -

Intel Xeon Processor E-2200 Family: -

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.1 [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-0123

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection when supporting SGX. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th generation Intel Core processors: -

7th generation Intel Core processors: -

8th generation Intel Core processors: -

9th generation Intel Core processors: -

10th generation Intel Core processors: -

Intel Xeon Processor E3 v5 Family: -

Intel Xeon Processor E3 v6 Family: -

Intel Xeon Processor E-2100 Family: -

Intel Xeon Processor E-2200 Family: -

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.1 [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-0152

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Intel Xeon Scalable Processors: -

2nd Generation Intel Xeon Scalable Processor: -

Intel Xeon Processor D 2100: -

Intel Xeon Processor D 3100: -

Intel Xeon Processor W 2100: -

Intel Xeon Processor W 3100: -

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 5.9 [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-0151

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in Intel TXT. A local user can escalate privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

4th generation Intel Core processors: -

5th generation Intel Core processors: -

6th generation Intel Core processors: -

7th generation Intel Core processors: -

8th generation Intel Core processors: -

Intel vPro Eligible Processors: -

Intel Xeon Processor E3 v2 Family: -

Intel Xeon Processor E3 v3 Family: -

Intel Xeon Processor E3 v4 Family: -

Intel Xeon Processor E3 v5 Family: -

Intel Xeon Processor E3 v6 Family: -

Intel Xeon Processor E5 v2 Family: -

Intel Xeon Processor E5 v3 Family: -

Intel Xeon Processor E5 v4 Family: -

Intel Xeon Processor E7 v2 Family: -

Intel Xeon Processor E7 v3 Family: -

Intel Xeon Processor E7 v4 Family: -

Intel Xeon Scalable Processors: -

2nd Generation Intel Xeon Scalable Processor: -

Intel Xeon Processor D 1500: -

Intel Xeon Processor D 2100: -

Intel Xeon Processor E-2100 Family: -

Intel Xeon Processor E-2200 Family: -

Intel Xeon Processor W 2100: -

Intel Xeon Processor W 3100: -

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Check or Handling of Exceptional Conditions

Severity: Low

CVSSv3: 5.5 [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-11157

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to an improper check of conditions in voltage settings. A local user can escalate privileges and/or disclose information on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

6th generation Intel Core processors: -

7th generation Intel Core processors: -

8th generation Intel Core processors: -

9th generation Intel Core processors: -

10th generation Intel Core processors: -

Intel Xeon Processor E Family: -

Intel Xeon Processor E3 v5 Family: -

Intel Xeon Processor E3 v6 Family: -

Intel Xeon Processor E-2100 Family: -

Intel Xeon Processor E-2200 Family: -

Intel Celeron Processor G Series: -

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Check or Handling of Exceptional Conditions

Severity: Low

CVSSv3: 4.6 [CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-14607

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an improper conditions check. A local user can achieve partial escalation of privilege and cause a denial of service and/or information disclosure on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Generation Intel Xeon Scalable Processor: -

Intel Xeon Scalable Processors: -

Intel Xeon D Processors: -

Intel Xeon W Processors: -

8th Generation Intel Core i9: -

9th Generation Intel Core i9: -

Intel Xeon Processor E3 v5 Family: -

Intel Xeon Processor E3 v6 Family: -

Intel Xeon Processor E Family: -

6th generation Intel Core processors: -

7th generation Intel Core processors: -

8th generation Intel Core processors: -

10th generation Intel Core processors: -

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.