#VU23089 Permissions, Privileges, and Access Controls in Intel Hardware solutions


Published: 2019-11-29

Vulnerability identifier: #VU23089

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-0151

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
4th generation Intel Core processors
Hardware solutions / Firmware
5th generation Intel Core processors
Hardware solutions / Firmware
6th Generation Intel Core Processors
Hardware solutions / Firmware
7th Generation Intel Core Processors
Hardware solutions / Firmware
8th Generation Intel Core Processors
Hardware solutions / Firmware
Intel vPro Eligible Processors
Hardware solutions / Firmware
Intel Xeon Processor E3 v2 Family
Hardware solutions / Firmware
Intel Xeon Processor E3 v3 Family
Hardware solutions / Firmware
Intel Xeon Processor E3 v4 Family
Hardware solutions / Firmware
Intel Xeon Processor E3 v5 Family
Hardware solutions / Firmware
Intel Xeon Processor E3 v6 Family
Hardware solutions / Firmware
Intel Xeon Processor E5 v2 Family
Hardware solutions / Firmware
Intel Xeon Processor E5 v3 Family
Hardware solutions / Firmware
Intel Xeon Processor E5 v4 Family
Hardware solutions / Firmware
Intel Xeon Processor E7 v2 Family
Hardware solutions / Firmware
Intel Xeon Processor E7 v3 Family
Hardware solutions / Firmware
Intel Xeon Processor E7 v4 Family
Hardware solutions / Firmware
2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
Intel Xeon Processor D 1500
Hardware solutions / Firmware
Intel Xeon Processor D 2100
Hardware solutions / Firmware
Intel Xeon Processor E-2100 Family
Hardware solutions / Firmware
Intel Xeon Processor E-2200 Family
Hardware solutions / Firmware
Intel Xeon Processor W 2100
Hardware solutions / Firmware
Intel Xeon Processor W 3100
Hardware solutions / Firmware
Intel Xeon Scalable Processors
Hardware solutions / Other hardware appliances

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insufficient memory protection in Intel TXT. A local user can escalate privileges on the target system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

4th generation Intel Core processors: All versions

5th generation Intel Core processors: All versions

6th Generation Intel Core Processors: All versions

7th Generation Intel Core Processors: All versions

8th Generation Intel Core Processors: All versions

Intel vPro Eligible Processors: All versions

Intel Xeon Processor E3 v2 Family: All versions

Intel Xeon Processor E3 v3 Family: All versions

Intel Xeon Processor E3 v4 Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E5 v2 Family: All versions

Intel Xeon Processor E5 v3 Family: All versions

Intel Xeon Processor E5 v4 Family: All versions

Intel Xeon Processor E7 v2 Family: All versions

Intel Xeon Processor E7 v3 Family: All versions

Intel Xeon Processor E7 v4 Family: All versions

Intel Xeon Scalable Processors: All versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Processor D 1500: All versions

Intel Xeon Processor D 2100: All versions

Intel Xeon Processor E-2100 Family: All versions

Intel Xeon Processor E-2200 Family: All versions

Intel Xeon Processor W 2100: All versions

Intel Xeon Processor W 3100: All versions


External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability