A potential security vulnerability in System Management Mode (SMM) with Intel® Processor Graphics may allow information disclosure.** **Intel is releasing guidance to SMM developers to mitigate this potential vulnerability.
CVEID: CVE-2019-0185
Description: Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel® Core™ Processor families; Intel® Xeon® Processor E3-1500 v5 and v6 families; Intel® Xeon® E-2100 and E-2200 Processor families with Intel® Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Intel recommends that users of the affected products** **update to the latest BIOS version provided by the system manufacturer that addresses this issue.
This issue was found internally by Intel. Intel would like to thank Artem Shishkin, Bill Wager, Edgar Barbosa, Gabriel Negreira Barbosa, Gustavo de Castro Scotti, Jeffrey S Frizzell, Kekai Hu, Rodrigo Axel Monroy, Willem Pinckaers and Rodrigo Rubira Branco (BSDaemon).
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.