Potential security vulnerabilities in BIOS firmware for multiple Intel Platforms may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing BIOS updates to mitigate these potential vulnerabilities.
CVEID: CVE-2020-8672
Description: Out-of-bounds read in BIOS firmware for 8th, 9th Generation Intel® Core™, Intel® Celeron® Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.
CVSS base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVEID: CVE-2019-14557
Description: Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel® Core™, Intel® Celeron® Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access.
CVSS base Score: 4.6 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVEID: CVE-2019-14558
Description: Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel® Core™, Intel® Celeron® Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
CVSS base Score: 3.0 Low
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CVEID: CVE-2020-8671
Description: Insufficient control flow management in BIOS firmware for 8th, 9th Generation Intel® Core™ Processors and Intel® Celeron® Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access.
CVSS base Score: 5.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVEID: CVE-2019-14556
Description: Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel® Core™, Intel® Celeron® Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access.
CVSS base Score: 2.0 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L
Intel recommends that users of the above Intel® products update to the latest BIOS version provided by the system manufacturer that addresses these issues.
These issues were found internally by Intel.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.