Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2020-0590
Description: Improper input validation in BIOS firmware for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.7 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
CVEID: CVE-2020-0587
Description: Improper conditions check in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L
CVEID: CVE-2020-0591
Description: Improper buffer restrictions in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2020-0593
Description: Improper buffer restrictions in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:L
CVEID: CVE-2020-0588
Description: Improper conditions check in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
CVEID: CVE-2020-0592
Description: Out of bounds write in BIOS firmware for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
CVSS Base Score: 3.0 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
2nd Generation Intel® Xeon® Scalable and Intel® Xeon® Scalable Processors
Intel® Xeon® Processor D Family, Intel® Xeon® Processor E5 v4 Family and Intel® Xeon® Processor E5 v3 Family
10th Generation Intel® Core™ processors, 9th Generation Intel® Core™ processors, 8th Generation Intel® Core™ processors, 7th Generation Intel® Core™ processors, 6th Generation Intel® Core™ processors and Intel® Core™ Processors with Intel® Hybrid Technology
Intel® Xeon® Processor E7 v4 Family and Intel® Xeon® Processor E7 v2 Family
Intel® Core™ X-series Processors and Intel® Xeon® Processor W Family
Intel® Xeon® Processor D Family, Intel® Xeon® W Processor and Intel® Core™ X-series Processors
Intel recommends that users of the affected products update to the latest BIOS firmware provided by the system manufacturer that addresses these issues.
These issues were found internally by Intel employees. Intel would like to thank Nagaraju N Kodalapura and Hareesh Khattri for CVE-2020-0590, Jorge E Gonzalez Diaz for CVE-2020-0588, Nicholas Armour for CVE-2020-0587, and Brent Holtsclaw for CVE-2020-0591 and CVE-2020-0591.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.