Lucene search

K
intelIntel Security CenterINTEL:INTEL-SA-00210
HistoryMay 11, 2021 - 12:00 a.m.

2019.2 IPU – Intel® Processor Machine Check Error Advisory

2021-05-1100:00:00
Intel Security Center
www.intel.com
35
intel
processor
machine check error
advisory
denial of service
vulnerability
page table
operating system
hypervisor
cve-2018-12207
security guidance

EPSS

0.001

Percentile

18.7%

Summary:

A potential security vulnerability in some Intel® Processors may allow denial of service.** Intel has coordinated with OS and hypervisor vendors to provide updates which will mitigate this potential vulnerability.**

Vulnerability Details:

CVEID: CVE-2018-12207

Description: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel® Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

A list of impacted products can be found here.

Recommendations:

To mitigate this vulnerability, operating system and hypervisor vendors will be providing software updates. Please contact your operating system vendor for additional details.

Additional Advisory Guidance on CVE-2018-12207 available here.

Acknowledgements:

The following issue was found internally by Intel. Intel would like to thank Deepak Gupta.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.