Multiple potential security vulnerabilities in Intel firmware may allow for escalation of privilege, information disclosure or denial of service.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2018-12201
Description: Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation IntelĀ®**** Coreā¢ Processor, 7th Generation IntelĀ®**** Coreā¢ Processor, IntelĀ®**** PentiumĀ®**** Silver J5005 Processor, IntelĀ®**** PentiumĀ®**** Silver N5000 Processor, IntelĀ®**** CeleronĀ®**** J4105 Processor, IntelĀ®**** CeleronĀ®**** J4005 Processor, IntelĀ® CeleronĀ®**** N4100 Processor and IntelĀ®**** CeleronĀ® N4000 Processor may allow privileged user to potentially execute arbitrary code via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2018-12202
Description: Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation IntelĀ®****Coreā¢ Processor, 7th Generation IntelĀ®****Coreā¢ Processor may allow privileged user to potentially leverage existing features via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2018-12203
Description: Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation IntelĀ® Coreā¢ Processor, 7th Generation IntelĀ® Coreā¢ Processor may allow privileged user to potentially execute arbitrary code via local access.
CVSS Base Score: 2.3 Low
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CVEID: CVE-2018-12204
Description: Improper memory initialization in Platform Sample/Silicon Reference firmware for IntelĀ® Server Board, IntelĀ® Server System and IntelĀ® Compute Module may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2018-12205
Description: Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation IntelĀ® Coreā¢ Processor, 7th Generation IntelĀ® Coreā¢ Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access.
CVSS Base Score: 7.6 High
CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Firmware included with the following platform generations:
Ā· 8th Generation IntelĀ® Coreā¢ Processor
Ā· 7th Generation IntelĀ® Coreā¢ Processor
Ā· IntelĀ®**** PentiumĀ®**** Silver J5005 Processor
Ā· IntelĀ®**** PentiumĀ®**** Silver N5000 Processor
Ā· IntelĀ®**** CeleronĀ®**** J4105 Processor
Ā· IntelĀ®**** CeleronĀ®**** J4005 Processor
Ā· IntelĀ® CeleronĀ®** ** N4100 Processor
Ā· IntelĀ®** ** CeleronĀ® N4000 Processor
Ā· IntelĀ®** **Server Board
Ā· IntelĀ® Server System
Ā· IntelĀ® Compute Module
Intel recommends that users of the affected IntelĀ® products** **update to the latest version provided by the system manufacturer.__
Intel would like to thank Alexander Ermolov (CVE-2018-12204) for reporting these issues and working with us on coordinated disclosure.
The remaining issues were found internally by Intel employees.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.