27 matches found
CVE-2021-33117
CVE-2021-33117 affects some 3rd Generation Intel Xeon Scalable Processors prior to BIOS MR7. The issue is improper access control that may allow a local attacker to disclose information. Intel’s advisory recommends updating to BIOS MR7 or later and applying the corresponding microcode updates; th...
CVE-2020-12358
CVE-2020-12358 involves a firmware out-of-bounds write in Intel processors that can allow a privileged local attacker to cause a denial of service. The vulnerability affects Intel processor firmware via local access and is documented in Intel’s advisory Intel-SA-00463, which also lists related CV...
CVE-2020-12357
CVE-2020-12357 describes an improper initialization in the firmware for some Intel processors that could allow a privileged user to escalate privileges via local access. The vulnerability is documented in Intel’s IPU BIOS advisory (INTEL-SA-00463) and is linked to the same family of processor fir...
CVE-2020-0588
CVE-2020-0588 concerns Intel BIOS firmware with improper conditions check that may allow a privileged user to escalate privileges via local access. Connected sources confirm affected Intel BIOS firmware across multiple processor families (e.g., 2nd Gen Xeon, Xeon Scalable, Core series) and note l...
CVE-2019-14558
CVE-2019-14558 concerns insufficient control flow management in BIOS firmware for 8th–10th Generation Intel Core and Intel Celeron 4000/5000 Series processors. The vulnerability could allow an authenticated local user to potentially cause a denial of service via adjacent access. The initial entry...
CVE-2020-0587
CVE-2020-0587 is a BIOS firmware vulnerability in some Intel® Processors described in the Intel “IPU – BIOS Advisory” package. The issue is an improper conditions check in BIOS firmware that may allow a privileged, local attacker to escalate privileges. Affects multiple Intel processor families; ...
CVE-2020-24486
CVE-2020-24486 is an Intel firmware vulnerability caused by improper input validation in the firmware of some Intel processors. An authenticated local attacker could potentially cause a denial of service. The issue is described in Intel’s advisory as part of a family of firmware vulnerabilities; ...
CVE-2020-8670
CVE-2020-8670 is a race-condition flaw in Intel processor firmware that could allow a local privileged attack. No public exploits are known in the provided documents. Affected data indicates local access is required, with INTEL-SA advisories (INTEL-SA-00463) and related mitigations referenced by ...
CVE-2020-8738
CVE-2020-8738 is tied to Intel BIOS platform sample code with an improper conditions check that may allow a locally authenticated user to escalate privileges on certain Intel processors. The CVE is detailed in Intel advisory Intel-SA-00390, which also covers related CVEs (8739, 8740, 8764) and ma...
CVE-2020-0591
CVE-2020-0591 concerns improper buffer restrictions in BIOS firmware for certain Intel processors, enabling potential local privilege escalation. Documented impact is escalation of privilege via local access; exploitation status is not detailed in the provided sources. Affected are Intel BIOS fir...
CVE-2020-8764
CVE-2020-8764 corresponds to an Intel BIOS platform sample code vulnerability causing improper access control that may allow a locally authenticated user to escalate privileges in certain Intel processors. The issue is tied to Intel BIOS platform sample code and BIOS firmware for multiple process...
CVE-2020-0593
CVE-2020-0593 concerns Intel BIOS firmware: improper buffer restrictions in the BIOS for various Intel processors may allow a local attacker to escalate privileges. The public details describe a local-privilege escalation impact with partial confidentiality/integrity/availability effects (CVSS 2....
CVE-2020-8700
Affected software/hardware: Intel processors firmware. Root cause: Improper input validation in the firmware. Impact: Privilege escalation via local access by a privileged user; confidentiality, integrity, and availability may be affected (CVSS v3.1 base 6.7). Exploitation info: Not detailed in t...
CVE-2020-12360
CVE-2020-12360 describes an out-of-bounds read in the firmware of some Intel processors that could allow a local, authenticated attacker to escalate privileges. Affected items include various Intel-enabled systems where firmware/UEFI code handles memory bounds improperly. Mitigations are vendor-s...
CVE-2020-0571
CVE-2020-0571 corresponds to an improper conditions check in BIOS firmware for 8th Generation Intel Core processors and Intel Pentium Silver series, potentially allowing an authenticated local user to disclose information. Connected documents provide concrete details: Intel’s BIOS advisory (Intel...
CVE-2020-12359
CVE-2020-12359 concerns Intel processor firmware with insufficient control flow management. The vulnerability could allow an unauthenticated user to escalate privileges via physical access. Connected sources tie this to Intel processor firmware issues and list remediation paths in affected IBM Cl...
CVE-2020-0592
CVE-2020-0592 corresponds to an out-of-bounds write in BIOS firmware for certain Intel processors, with potential escalation of privilege and/or denial of service via local access. Multiple connected sources confirm the issue as a BIOS/firmware vulnerability and cite Intel’s advisory (INTEL-SA-00...
CVE-2020-8671
CVE-2020-8671 is documented in multiple connected sources as an Intel BIOS vulnerability: insufficient control flow management in BIOS firmware for 8th/9th Gen Intel Core and Intel Celeron 4000 Series may allow an authenticated user to potentially disclose information via local access. The Intel ...
CVE-2020-8672
CVE-2020-8672 describes an out-of-bounds read in BIOS firmware for 8th/9th Gen Intel Core and Intel Celeron 4000 Series processors that may allow an unauthenticated local attacker to elevate privileges or cause a denial of service. The vulnerability is documented in Intel’s BIOS advisory (INTEL-S...
CVE-2021-0095
CVE-2021-0095 describes improper initialization in the firmware for some Intel processors that may allow a local attacker to cause a denial of service. The NVD entry notes the impact as Availability (PARTIAL) with a low CVSS2 base score (2.1) and a MEDIUM CVSS3.1 score (4.4) requiring local acces...
CVE-2020-8739
CVE-2020-8739 covers use of a potentially dangerous function in Intel BIOS platform sample code for some Intel processors that may allow an authenticated user to escalate privileges via local access. Public details enumerate affected families (e.g., 2nd Gen Xeon Scalable, Core X-series, Xeon W, X...
CVE-2020-8740
CVE-2020-8740 is an out-of-bounds write in Intel BIOS platform sample code for certain Intel processors that may allow a locally authenticated attacker to escalate privileges. The Intel advisory (INTEL-SA-00390) documents this alongside related CVEs and indicates updates to BIOS platform sample c...
CVE-2019-14557
CVE-2019-14557 corresponds to a buffer overflow in BIOS firmware of 8th–10th Gen Intel Core and Intel Celeron 4000/5000 series platforms. The flaw can allow an authenticated local user to potentially elevate privileges or cause a denial of service via adjacent access. Intel’s advisory (Intel-SA-0...
CVE-2019-14556
CVE-2019-14556 describes an improper initialization in BIOS firmware for 8th–10th Gen Intel Core and Intel Celeron 4000/5000 series processors, potentially allowing a privileged user to cause a denial of service via local access. Connected sources confirm the root cause as BIOS firmware issues an...
CVE-2008-7096
Intel Desktop and Mobile boards BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allow local administrators with Ring 0 privileges to gain additional privileges and modify code running in System Management Mode, or access hypervisor memory, as demonstra...
CVE-2018-3612
The CVE-2018-3612 entries describe Intel NUC kits with insufficient input validation in system firmware, enabling a local attacker to elevate privileges to System Management Mode (SMM). Affected component: system firmware in Intel NUC kits. Root cause: inadequate input validation in firmware. Imp...
CVE-2008-3900
The CVE-2008-3900 entry concerns Intel firmware PE94510M.86A.0050.2007.0710.1559 where pre-boot authentication passwords are stored in the BIOS keyboard buffer and the buffer is not cleared after use. This allows local users to read the raw memory locations associated with the buffer to obtain se...