Lucene search

K
ibmIBM11A6D2D3E2F465B16C8FA5A033A65600813397804613FDB0328399EEA7561293
HistoryJul 14, 2020 - 4:02 p.m.

Security Bulletin: IBM has released a Unified Extensible Firmware Interface (UEFI) fix in response to an Intel escalation of information disclosure vulnerability

2020-07-1416:02:22
www.ibm.com
21

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

Summary

IBM has released the Unified Extensible Firmware Interface (UEFI) fix for System x systems in response to the following Intel escalation of information disclosure vulnerability.

Vulnerability Details

CVEID:CVE-2020-0543
**DESCRIPTION:**Xen and multiple Intel processors could allow a local authenticated attacker to obtain sensitive information, caused by an incomplete cleanup from specific special register read operations in some Intel® Processors. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183116 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
System x3250 M5 5458 JUE1
System x3100 M5 5457 J9E1

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Affected Product(s) Version(s)

System x3250 M5 5458

(ibm_fw_uefi_jue142b-2.20_anyos_32-64)

| jue142b-2.20

System x3100 M5 5457

(ibm_fw_uefi_j9e142b-2.20_anyos_32-64)

| j9e142b-2.20

Workarounds and Mitigations

None

CPENameOperatorVersion
system x3250 m5eq5458
system x3100 m5eq5457

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N