Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2020-0528 CVE-2020-0529 |
CWE-ID | CWE-119 CWE-665 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
7th Generation Intel Core Processors Hardware solutions / Firmware 8th Generation Intel Core Processors Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers |
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU28945
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0528
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error in BIOS firmware. A local user can trigger memory corruption and gain elevated privileges or cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions7th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28947
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0529
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to improper initialization in BIOS firmware. A local attacker can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions7th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.