SB2019112707 - Multiple vulnerabilities in several Intel processors

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019112707

SB2019112707 - Multiple vulnerabilities in several Intel processors

Published: November 27, 2019 Updated: December 11, 2019

Security Bulletin ID SB2019112707
Severity
Low
Patch available
NO
Number of vulnerabilities 6
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0124)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection, when supporting TXT. A local user can enable escalation of privilege on the target system.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0123)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient memory protection, when supporting SGX. A local user can enable escalation of privilege on the target system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0152)

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT. A local user can escalate privileges on the target system.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0151)

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in Intel TXT. A local user can escalate privileges on the target system.


5) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2019-11157)

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to improper conditions check in voltage settings. A local user can enable escalation of privilege and/or information disclosure on the target system.


6) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2019-14607)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper conditions check. A local user can enable partial escalation of privilege and cause a denial of service and/or information disclosure on the target system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References