Vulnerability identifier: #VU46549

Vulnerability risk: Low

CVSSv3.1: 6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-0571

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
8th Generation Intel Core Processors
Hardware solutions / Firmware
10th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Pentium Processor Silver Series
Hardware solutions / Firmware
9th Generation Intel Core Processors
Client/Desktop applications / Web browsers

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series. A local user can run a specially crafted program to gain access to sensitive information.

Mitigation
Intel recommends that users of above Intel® products update to the latest BIOS version provided by the system manufacturer that addresses these issues.

Vulnerable software versions

8th Generation Intel Core Processors: 15.33.49.5100 - 3349

9th Generation Intel Core Processors: 15.33.49.5100 - 26.20.100.7755

10th Generation Intel Core Processors: 15.33.49.5100 - 26.20.100.7755

Intel Pentium Processor Silver Series: All versions

---

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00347.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.