HP, HP Product Security Response Team (PSRT)HP:C06655648HPSBHF03668 rev. 4 - Intel® 2020.1 IPU Special Register Buffer Data Sampling and Improper Data Forwarding
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
Potential Security Impact
Information Disclosure
Source: HP, HP Product Security Response Team (PSRT)
Reported By: Intel®
VULNERABILITY SUMMARY
Intel has informed HP of a potential security vulnerability involving cleanup errors from specific special register read operations and improper data forwarding in some data cache in some Intel® Processors that may allow an authenticated user to potentially enable information disclosure via local access.
RESOLUTION
Intel has released microcode updates to mitigate the potential vulnerability. HP has identified the affected platforms and the corresponding SoftPaq updated versions. See the affected platforms listed below.
Newer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N