Potential security vulnerabilities in system firmware for Intel® NUC may allow escalation of privilege, denial of service and/or information disclosure.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2019-14569
Description: Pointer corruption in system firmware for Intel® NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2019-14570
Description: Memory corruption in system firmware for Intel® NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Product
|
Updated Firmware
—|—
Intel® NUC 8 Mainstream Game Kit
|
Intel® NUC 8 Mainstream Game Mini Computer
|
Intel® NUC Board DE3815TYBE (H26998-500 & later)
|
Intel® NUC Kit DE3815TYKHE (H27002-500 & later)
|
Intel® NUC Board DE3815TYBE
|
Intel® NUC Kit DE3815TYKHE
|
Intel® NUC Kit DN2820FYKH
|
Intel recommends that users update to the latest version (see provided table).
Intel would like to thank Alexander Ermolov for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.