A potential security vulnerability in the Intel® Innovation Engine Build and Signing Tool may allow escalation of privilege.** **Intel is releasing software updates to mitigate this potential vulnerability.
CVEID: CVE-2020-8675
Description: Insufficient control flow management in firmware build and signing tool for Intel® Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Intel® Innovation Engine Build and Signing Tool before version 1.0.859.
Intel recommends that users update to the latest firmware version provided by the system manufacturer that addresses this issue.
Intel would like to thank Mark Ermolov from Positive Technologies, and Maxim Goryachy (independent) for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.