Skip to main content

Xeon Platinum 8253 Firmware CVE-2019-0152

MEDIUM
Buffer Overflow (CWE-119)
2019-11-14 secure@intel.com
Privilege Escalation Buffer Overflow Intel Xeon Platinum 8253 Firmware Xeon Platinum 8256 Firmware Xeon Platinum 8260 Firmware Xeon Platinum 8276 Firmware Xeon Platinum 8276M Firmware Xeon Platinum 8276L Firmware Xeon Platinum 8280L Firmware Xeon Platinum 8260L Firmware Xeon Platinum 8280M Firmware Xeon Platinum 8260M Firmware Xeon Platinum 8280 Firmware Xeon Platinum 8260Y Firmware Xeon Platinum 8268 Firmware Xeon Platinum 8270 Firmware Xeon Platinum 8274 Firmware Xeon Platinum 8284 Firmware Xeon Platinum 9242 Firmware Xeon Platinum 9282 Firmware Xeon Platinum 8153 Firmware Xeon Platinum 8156 Firmware Xeon Platinum 8158 Firmware Xeon Platinum 8176 Firmware Xeon Platinum 8160 Firmware Xeon Platinum 8164 Firmware Xeon Platinum 8168 Firmware Xeon Platinum 8170 Firmware Xeon Platinum 8180 Firmware Xeon Platinum 8160T Firmware Xeon Platinum 8160F Firmware Xeon Platinum 8176F Firmware Xeon Gold 6210U Firmware Xeon Gold 6244 Firmware Xeon Gold 6212U Firmware Xeon Gold 6240 Firmware Xeon Gold 5218 Firmware Xeon Gold 6230 Firmware Xeon Gold 5222 Firmware Xeon Gold 6238T Firmware Xeon Gold 6248 Firmware Xeon Gold 6252 Firmware Xeon Gold 6242 Firmware Xeon Gold 6240Y Firmware Xeon Gold 5217 Firmware Xeon Gold 6238M Firmware Xeon Gold 5218N Firmware Xeon Gold 6226 Firmware Xeon Gold 6254 Firmware Xeon Gold 5220 Firmware Xeon Gold 6238L Firmware Xeon Gold 5218B Firmware Xeon Gold 6240L Firmware Xeon Gold 6238 Firmware Xeon Gold 6240M Firmware Xeon Gold 5220S Firmware Xeon Gold 5215 Firmware Xeon Gold 6222V Firmware Xeon Gold 6252N Firmware Xeon Gold 5215M Firmware Xeon Gold 6246 Firmware Xeon Gold 5215L Firmware Xeon Gold 5218T Firmware Xeon Gold 5220T Firmware Xeon Gold 6209U Firmware Xeon Gold 6262V Firmware Xeon Gold 5122 Firmware Xeon Gold 6138 Firmware Xeon Gold 6148 Firmware Xeon Gold 5120T Firmware Xeon Gold 6136 Firmware Xeon Gold 6150 Firmware Xeon Gold 6152 Firmware Xeon Gold 6130 Firmware Xeon Gold 6128 Firmware Xeon Gold 5118 Firmware Xeon Gold 6134 Firmware Xeon Gold 6126 Firmware Xeon Gold 5120 Firmware Xeon Gold 5115 Firmware Xeon Gold 6154 Firmware Xeon Gold 6140 Firmware Xeon Gold 6140M Firmware Xeon Gold 6132 Firmware Xeon Gold 6138T Firmware Xeon Gold 6142F Firmware Xeon Gold 6130T Firmware Xeon Gold 6138F Firmware Xeon Gold 6130F Firmware Xeon Gold 6126T Firmware Xeon Gold 6126F Firmware Xeon Gold 6148F Firmware Xeon Gold 6146 Firmware Xeon Gold 6144 Firmware Xeon Silver 4209T Firmware Xeon Silver 4210 Firmware Xeon Silver 4214 Firmware Xeon Silver 4214Y Firmware Xeon Silver 4215 Firmware Xeon Silver 4208 Firmware Xeon Silver 4216 Firmware Xeon Silver 4116 Firmware Xeon Silver 4109T Firmware Xeon Silver 4114 Firmware Xeon Silver 4112 Firmware Xeon Silver 4108 Firmware Xeon Silver 4110 Firmware Xeon Bronze 3204 Firmware Xeon Bronze 3106 Firmware Xeon Bronze 3104 Firmware Xeon D 2187Nt Firmware Xeon D 2183It Firmware Xeon D 2177Nt Firmware Xeon D 2173It Firmware Xeon D 2166Nt Firmware Xeon D 2163It Firmware Xeon D 2161I Firmware Xeon D 2146Nt Firmware Xeon D 2145Nt Firmware Xeon D 2143It Firmware Xeon D 2142It Firmware Xeon D 2141I Firmware Xeon D 2123It Firmware Xeon W 3175X Firmware Xeon W 2195 Firmware Xeon W 2175 Firmware Xeon W 2155 Firmware Xeon W 2145 Firmware Xeon W 2135 Firmware Xeon W 2133 Firmware Xeon W 2125 Firmware Xeon W 2123 Firmware
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2019 - 20:15 nvd
MEDIUM 6.7

DescriptionNVD

Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

AnalysisAI

Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Affected products include: Intel Xeon Platinum 8253 Firmware, Intel Xeon Platinum 8256 Firmware, Intel Xeon Platinum 8260 Firmware, Intel Xeon Platinum 8276 Firmware, Intel Xeon Platinum 8276M Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

Share

CVE-2019-0152 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy