6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
IBM has released the Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to the following Intel escalation of privilege vulnerability.
CVEID:CVE-2019-0151
**DESCRIPTION:**Insufficient memory protection in Intelยฎ TXT for certain Intelยฎ Core Processors and Intelยฎ Xeonยฎ Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171376 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
Affected Product(s)
|
Version
โ|โ
BladeCenter HS23 7875/1929
|
tke1
BladeCenter HS23E 8038/8039
|
ahe1
Flex System x220 2585/7906
|
kse1
Flex System x222 7916
|
cce1
Flex System x240 7863/8737/8738/8956
|
b2e1
Flex System x440 7917
|
cne1
Flex System x280 X6, x480 X6, x880 X6 7903
|
n2e1
System x iDataPlex dx360 M4 7912/7913, and Water Cooled
|
tde1
System x NeXtScale nx360 M4 5455
|
fhe1
System x3100 M5 5457
|
j9e1
System x3250 M5 5458
|
jue1
System x3300 M4 7382
|
yae1
System x3500 M4 7383
|
y5e1
System x3550 M4 7914
|
d7e1
System x3630 M4 7158
System x3530 M4 7160
|
bee1
System x3650 M4 7915
System x3650 M4 HD 5460
|
vve1
System x3650 M4 BD 5466
|
yoe1
System x3750 M4 8718/8722/8733/8752
|
koe1
System x3850 x6 3837/3839
System x3950 x6 3839
|
a8e1
Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/
Product(s)
|
Fixed Version
โ|โ
BladeCenter HS23 7875/1929
(ibm_fw_uefi_tke168d-2.80_anyos_32-64)
|
tke168d-2.80
BladeCenter HS23E 8038/8039
(ibm_fw_uefi_ahe168d-3.20_anyos_32-64)
|
ahe168d-3.20
Flex System x220 2585/7906
(ibm_fw_uefi_kse166d-2.60_anyos_32-64)
|
kse166d-2.60
Flex System x222 7916
(ibm_fw_uefi_cce168d-2.40_anyos_32-64)
|
cce168d-2.40
Flex System x240 7863/8737/8738/8956
(ibm_fw_uefi_b2e170f-2.60_anyos_32-64)
|
b2e170f-2.60
Flex System x440 7917
(ibm_fw_uefi_cne170d-2.50_anyos_32-64)
|
cne170d-2.50
Flex System x280 X6, x480 X6, x880 X6 7903
(ibm_fw_uefi_n2e136d-2.20_anyos_32-64)
|
n2e136d-2.20
System x iDataPlex dx360 M4 7912/7913,
and Water Cooled 7918/7919
(ibm_fw_uefi_tde164d-2.50_anyos_32-64)
|
tde164d-2.50
IBM System x NeXtScale nx360 M4 5455
(ibm_fw_uefi_fhe128d-2.30_anyos_32-64)
|
fhe128d-2.30
System x3100 M5 5457
(ibm_fw_uefi_j9e140b-2.10_anyos_32-64)
|
j9e140b-2.10
System x3250 M5 5458
(ibm_fw_uefi_jue140b-2.10_anyos_32-64)
|
jue140b-2.10
System x3300 M4 7382
(ibm_fw_uefi_yae164d-2.50_anyos_32-64)
|
yae164d-2.50
System x3500 M4 7383
(ibm_fw_uefi_y5e166d-3.00_anyos_32-64 )
|
y5e166d-3.00
System x3550 M4 7914
(ibm_fw_uefi_d7e172d-3.10_anyos_32-64)
|
d7e172d-3.10
System x3630 M4 7158
System x3530 M4 7160
ibm_fw_uefi_bee172d-3.40_anyos_32-64)
|
bee172d-3.40
System x3650 M4 7915
System x3650 M4 HD 5460
(ibm_fw_uefi_vve168d-3.10_anyos_32-64)
|
vve168d-3.10
System x3650 M4 BD 5466
(ibm_fw_uefi_yoe134d-2.60_anyos_32-64)
|
yoe134d-2.60
System x3750 M4 8718/8722/8733/8752
(ibm_fw_uefi_koe168e-2.60_anyos_32-64)
|
koe168e-2.60
System x3850 x6 3837/3839
System x3950 x6 3839
(ibm_fw_uefi_a8e134e-2.00_anyos_32-64)
|
a8e134e-2.00
None
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C