SB2020112614 - Multiple vulnerabilities in Intel CSME, TXE and SPS
Published: November 26, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2020-12303)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in DAL subsystem. A local user can escalate privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Improper Initialization (CVE-ID: CVE-2020-8744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in subsystem. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
3) Improper Privilege Management (CVE-ID: CVE-2020-8745)
The vulnerability allows a local attacker to escalate privileges.
The vulnerability exists due to insufficient control flow management. An attacker with physical access can escalate privileges.
4) Improper access control (CVE-ID: CVE-2020-12297)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Installer. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.
5) Use-after-free (CVE-ID: CVE-2020-8750)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Kernel Mode Driver. A local user can escalate privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.