Multiple vulnerabilities in several Intel processors
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-0124 CVE-2019-0123 CVE-2019-0152 CVE-2019-0151 CVE-2019-11157 CVE-2019-14607 |
| CWE-ID | CWE-264 CWE-703 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
6th Generation Intel Core Processors Hardware solutions / Firmware 7th Generation Intel Core Processors Hardware solutions / Firmware 8th Generation Intel Core Processors Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware Intel Xeon Processor E3 v5 Family Hardware solutions / Firmware Intel Xeon Processor E3 v6 Family Hardware solutions / Firmware Intel Xeon Processor E-2100 Family Hardware solutions / Firmware Intel Xeon Processor E-2200 Family Hardware solutions / Firmware 2nd Generation Intel Xeon Scalable Processors Hardware solutions / Firmware Intel Xeon Processor D 2100 Hardware solutions / Firmware Intel Xeon Processor D 3100 Hardware solutions / Firmware Intel Xeon Processor W 2100 Hardware solutions / Firmware Intel Xeon Processor W 3100 Hardware solutions / Firmware 4th generation Intel Core processors Hardware solutions / Firmware 5th generation Intel Core processors Hardware solutions / Firmware Intel vPro Eligible Processors Hardware solutions / Firmware Intel Xeon Processor E3 v2 Family Hardware solutions / Firmware Intel Xeon Processor E3 v3 Family Hardware solutions / Firmware Intel Xeon Processor E3 v4 Family Hardware solutions / Firmware Intel Xeon Processor E5 v2 Family Hardware solutions / Firmware Intel Xeon Processor E5 v3 Family Hardware solutions / Firmware Intel Xeon Processor E5 v4 Family Hardware solutions / Firmware Intel Xeon Processor E7 v2 Family Hardware solutions / Firmware Intel Xeon Processor E7 v3 Family Hardware solutions / Firmware Intel Xeon Processor E7 v4 Family Hardware solutions / Firmware Intel Xeon Processor D 1500 Hardware solutions / Firmware Intel Xeon Processor E Family Hardware solutions / Firmware Intel Celeron Processor G Series Hardware solutions / Firmware Intel Xeon D Processors Hardware solutions / Firmware Intel Xeon W Processors Hardware solutions / Firmware 8th Generation Intel Core i9 Hardware solutions / Firmware 9th Generation Intel Core i9 Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers Intel Xeon Scalable Processors Hardware solutions / Other hardware appliances |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
Updated 29.11.2019
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU23016
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0124
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient memory protection, when supporting TXT. A local user can enable escalation of privilege on the target system.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions6th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E-2100 Family: All versions
Intel Xeon Processor E-2200 Family: All versions
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v5_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v6_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2100_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2200_family:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU23015
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0123
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient memory protection, when supporting SGX. A local user can enable escalation of privilege on the target system.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions6th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E-2100 Family: All versions
Intel Xeon Processor E-2200 Family: All versions
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v5_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v6_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2100_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2200_family:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU23090
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0152
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT. A local user can escalate privileges on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIntel Xeon Scalable Processors: All versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Processor D 2100: All versions
Intel Xeon Processor D 3100: All versions
Intel Xeon Processor W 2100: All versions
Intel Xeon Processor W 3100: All versions
CPE2.3- cpe:2.3:h:intel:intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:2nd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_d_2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_d_3100:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_w_2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_w_3100:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU23089
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0151
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to insufficient memory protection in Intel TXT. A local user can escalate privileges on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions4th generation Intel Core processors: All versions
5th generation Intel Core processors: All versions
6th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
Intel vPro Eligible Processors: All versions
Intel Xeon Processor E3 v2 Family: All versions
Intel Xeon Processor E3 v3 Family: All versions
Intel Xeon Processor E3 v4 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E5 v2 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E7 v2 Family: All versions
Intel Xeon Processor E7 v3 Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Scalable Processors: All versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Processor D 1500: All versions
Intel Xeon Processor D 2100: All versions
Intel Xeon Processor E-2100 Family: All versions
Intel Xeon Processor E-2200 Family: All versions
Intel Xeon Processor W 2100: All versions
Intel Xeon Processor W 3100: All versions
CPE2.3- cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_vpro_eligible_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v2_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v3_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v4_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v5_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v6_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e5_v2_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e5_v3_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e5_v4_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e7_v2_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e7_v3_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e7_v4_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:2nd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_d_1500:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_d_2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2100_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2200_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_w_2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_w_3100:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Check or Handling of Exceptional Conditions
EUVDB-ID: #VU23542
Risk: Low
CVSSv4.0: 5.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-11157
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to improper conditions check in voltage settings. A local user can enable escalation of privilege and/or information disclosure on the target system.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions6th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E-2100 Family: All versions
Intel Xeon Processor E-2200 Family: All versions
Intel Celeron Processor G Series: All versions
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v5_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v6_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2100_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e-2200_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processor_g_series:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Check or Handling of Exceptional Conditions
EUVDB-ID: #VU23547
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-14607
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper conditions check. A local user can enable partial escalation of privilege and cause a denial of service and/or information disclosure on the target system.
Install updates from vendor's website.
Vulnerable software versions2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon W Processors: All versions
8th Generation Intel Core i9: All versions
9th Generation Intel Core i9: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E Family: All versions
6th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
CPE2.3- cpe:2.3:h:intel:2nd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_d_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_w_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_i9:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:9th_generation_intel_core_i9:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v5_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e3_v6_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_processor_e_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
