Multiple potential security vulnerabilities in Intel® Unified Extensible Firmware Interface (UEFI) may allow escalation of privilege and/or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2019-0119
Description: Buffer overflow vulnerability in system firmware for Intel® Xeon® Processor D Family, Intel® Xeon® Scalable Processor, Intel® Server Board, Intel® Server System and Intel® Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2019-0120
Description: Insufficient key protection vulnerability in silicon reference firmware for Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series, Intel® Celeron® J Series, Intel® Celeron® N Series, Intel® Atom® Processor A Series, Intel® Atom® Processor E3900 Series, Intel® Pentium® Processor Silver Series may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVEID: CVE-2019-0126
Description: Insufficient access control in silicon reference firmware for Intel® Xeon® Scalable Processor, Intel® Xeon® Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
CVSS Base Score: 7.2 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
Intel® Xeon® Processor D Family
Intel® Xeon® Scalable Processor
Intel® Server Board
Intel® Server System
Intel® Compute Module
Intel® Pentium® Processor J Series
Intel® Pentium® Processor N Series
Intel® Celeron® J Series
Intel® Celeron® N Series
Intel® Atom® Processor A Series
Intel® Atom® Processor E3900 Series
Intel® Pentium® Processor Silver Series
Intel recommends that users of Intel® products listed above update to the latest version provided by the system manufacturer that addresses these issues.
These issues were found internally by Intel.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.