#VU23553 Out-of-bounds write in Intel products - CVE-2019-14612
Published: December 12, 2019
Vulnerability identifier: #VU23553
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14612
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Intel NUC 8 Mainstream Game Kit
Intel NUC 8 Mainstream Game Mini Computer
Intel NUC Kit NUC8i7BEK
Intel Compute Card CD1P64GK
Intel NUC 8 Home - NUC8i3CYSM
Intel NUC Kit NUC8i7HNK
Intel NUC-Kit NUC7i7DNKE
Intel NUC-Kit NUC7i5DNKE
Intel NUC-Kit NUC7i3DNHE
Intel Compute Stick STK2mv64CC
Intel Compute Stick STK2m3W64CC
Intel NUC Kit NUC6i7KYK
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC7CJYH
Intel Compute Card CD1M3128MK
Intel Compute Card CD1IV128MK
Intel NUC Kit NUC6CAYS
Intel NUC Board DE3815TYBE
Intel NUC Board D34010WYB
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists in firmware for Intel NUC due to a boundary error when processing untrusted input. A local user can trigger out-of-bounds write and enable escalation of privilege on the target system.
Remediation
Install updates from vendor's website.