Multiple vulnerabilities in Intel Quartus Prime Pro
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-8737 CVE-2020-12312 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Quartus Prime Pro Client/Desktop applications / Other client software |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU48440
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8737
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a boundary error in the Intel Stratix 10 FPGA firmware. An attacker with physical access can trigger memory corruption and enable escalation of privilege or information disclosure.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Quartus Prime Pro: before 20.2
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00388
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU48443
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12312
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a boundary error in the Intel Stratix 10 FPGA firmware. An attacker with physical access can trigger memory corruption and enable escalation of privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Quartus Prime Pro: before 20.2
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00388
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
