Integer overflow in Intel products - CVE-2019-14611
Published: December 12, 2019
Vulnerability identifier: #VU23552
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14611
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to integer overflow in firmware for Intel NUC. A local user can trigger integer overflow and enable escalation of privilege on the target system.
How to mitigate CVE-2019-14611
Install updates from vendor's website.