Out-of-bounds Write in Intel products - CVE-2020-8740
Published: November 16, 2020
Vulnerability identifier: #VU48428
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8740
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
2nd Generation Intel Xeon Scalable Processors
Intel Core X-series Processors
Intel Xeon W Processors
Intel Xeon D Processors
Intel Xeon Processor E7 v4 Family
Intel Xeon Processor E5 v3 Family
Intel Xeon Processor E5 v4 Family
Intel Xeon Scalable Processors
2nd Generation Intel Xeon Scalable Processors
Intel Core X-series Processors
Intel Xeon W Processors
Intel Xeon D Processors
Intel Xeon Processor E7 v4 Family
Intel Xeon Processor E5 v3 Family
Intel Xeon Processor E5 v4 Family
Intel Xeon Scalable Processors
Detailed vulnerability description
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Intel BIOS platform sample code. A local administrator can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
How to mitigate CVE-2020-8740
Install updates from vendor's website.