Intel Security Center: INTEL-SA-00411

Published: Aug 11, 2020

Intel® Thunderbolt™ Controller Advisory

Source: Intel Security Center (www.intel.com)

EPSS: 0.001 (Low), percentile 30.6%

Summary:

A potential security vulnerability in some Intel® Thunderbolt™ controllers may allow information disclosure. Intel is releasing prescriptive guidance to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-14630

Description: Reliance on untrusted inputs in a security decision in some Intel® Thunderbolt™ controllers may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 4.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:

Thunderbolt™ 1: Intel® DSL3310, Intel® DSL3510, Intel® DSL4510, Intel® DSL4410.

Thunderbolt™ 2: Intel® DSL5520, Intel® DSL5320.

Thunderbolt™ 3: Intel® DSL6540, Intel® DSL6340, Intel® JHL6540, Intel® JHL6340, Intel® JHL6240, Intel® JHL7540, Intel® JHL7340.

Recommendations:

Intel recommends enabling Intel® VT-d based DMA protection to mitigate this potential vulnerability for Intel® Thunderbolt™ 3 controllers.

For a complete Intel® VT-d based DMA protection solution, Intel recommends the following:

1. UEFI Secure Boot feature enabled.

2. Pre-boot Intel® VT-d based DMA protection enabled in UEFI.

3. BIOS Setup Menu protected by password.

4. Intel® VT-d based DMA Protection enabled in the OS.

5. Storage drive encryption enabled.

6. An OS or software capability to notify the user if these protections are disabled.

For an overview of how Intel® VT-d is used for Thunderbolt™ security, please refer to this link:

<https://newsroom.intel.com/wp-content/uploads/sites/11/2020/07/intel-thunderbolt4-security-brief.pdf>

For Windows*:

<https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt>

For other Operating Systems, refer to vendor documentation for enabling Kernel DMA protection.
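
As an added example (not part of Intel's advisory), the following POSIX shell audit for Linux hosts checks the items from the recommendation list that the OS can observe: Secure Boot (item 1), IOMMU-based Thunderbolt DMA protection (item 4) and storage encryption (item 5). Its non-zero exit status can drive the user notification in item 6. It assumes the standard Linux sysfs and efivarfs paths; `SYSROOT` and the `--audit` argument are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: audit a Linux host against the advisory's checklist.
# SYSROOT is a hypothetical override (default: the real /) for testing.
SYSROOT="${SYSROOT:-}"

# Item 1: UEFI Secure Boot. The efivarfs file holds 4 attribute bytes
# followed by 1 data byte; a data byte of 1 means Secure Boot is on.
secure_boot_enabled() {
    f="$SYSROOT/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    [ -r "$f" ] || return 1
    [ "$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')" = "1" ]
}

# Item 4: every Thunderbolt domain must report that the kernel uses the
# IOMMU for DMA protection. No domain present counts as a failure here.
tb_dma_protected() {
    found=0
    for a in "$SYSROOT"/sys/bus/thunderbolt/devices/domain*/iommu_dma_protection; do
        [ -r "$a" ] || continue
        found=1
        [ "$(cat "$a")" = "1" ] || return 1
    done
    [ "$found" -eq 1 ]
}

# Item 5 (heuristic): at least one dm-crypt mapping is active. This does
# not prove that every volume holding sensitive data is encrypted.
storage_encrypted() {
    for u in "$SYSROOT"/sys/block/dm-*/dm/uuid; do
        [ -r "$u" ] || continue
        case "$(cat "$u")" in CRYPT-*) return 0 ;; esac
    done
    return 1
}

# Item 6: run all checks; a non-zero status is the signal to notify the user.
audit() {
    rc=0
    for check in secure_boot_enabled tb_dma_protected storage_encrypted; do
        if "$check"; then echo "PASS $check"; else echo "FAIL $check"; rc=1; fi
    done
    echo "MANUAL items 2 and 3: pre-boot VT-d DMA protection, BIOS setup password"
    return "$rc"
}

# Run the audit only when invoked as: script --audit
[ "${1:-}" != "--audit" ] || audit
```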

For systems that do not implement Intel® VT-d based DMA protection, Intel recommends following good security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.

Acknowledgements:

Intel would like to thank Theo Markettos, Colin Rothwell, Allison Pearce, Simon W. Moore and Robert N.M. Watson from University of Cambridge, Brett F. Gutstein from University of Cambridge/Rice University and Peter G. Neumann from SRI International for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
