Intel® MAX® 10 FPGA Advisory

Summary:

A potential security vulnerability in Intel® MAX® 10 FPGA may allow information disclosure.** Intel is releasing documentation updates to mitigate this potential vulnerability.**

Vulnerability Details:

CVEID: CVE-2020-0574

Description: Improper configuration in block design for Intel® MAX® 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

MAX® 10 FPGA all versions.

Recommendations:

Intel recommends all users of Intel® Max® 10 FPGA in a physically insecure environment always enable JTAG Secure Mode, especially if user flash memory (UFM) is not encrypted. Please refer to Page 22 in the Intel® Max® 10 FPGA User Guide to find detailed instructions.

The Intel® Max® 10 FPGA User Guide can be found here.

Acknowledgements:

Intel would like to thank Dr. Sergei Skorobogatov of the Dept of Computer Science and Technology, University of Cambridge, Cambridge, UK, for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.