Published:
13 November 2019
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0316
            INTEL-SA-00240 - Intel Processor Security Advisory
                             13 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Core Processor
                      Intel Xeon Scalable Processor
                      Intel Xeon Processor
Impact/Access:        Increased Privileges -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0152 CVE-2019-0151
Member content until: Friday, December 13 2019

OVERVIEW

        Intel has discovered vulnerabilities in System Management Mode (SMM)
        and Intel Trusted Execution Technology (TXT) in the following
        processors:

         o Intel Core Processor
         o Intel Xeon Scalable Processor
         o Intel Xeon Processor

IMPACT

        Intel has provided the following information regarding the
        vulnerabilities:

        "Intel ID: INTEL-SA-00240
        Advisory Category: Hardware
        Impact of vulnerability : Escalation of Privilege
        Severity rating : HIGH
        Original release: 11/12/2019
        Last revised: 11/12/2019" [1]

        "CVEID: CVE-2019-0152
        Description: Insufficient memory protection in System Management Mode
        (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may
        allow a privileged user to potentially enable escalation of privilege
        via local access.
        CVSS Base Score: 8.2 High
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

        CVEID: CVE-2019-0151
        Description: Insufficient memory protection in Intel(R) TXT for
        certain Intel (R) Core Processors and Intel(R) Xeon(R) Processors may
        allow a privileged user to potentially enable escalation of privilege
        via local access.
        CVSS Base Score: 7.5 High
        CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" [1]

MITIGATION

        Intel recommends:

        "...that users of Intel server products listed above update to the
        latest firmware version provided by the system manufacturer that
        addresses these issues.

        For client platforms listed above updated SINIT modules are
        available [2]" [1]

REFERENCES

        [1] INTEL-SA-00240 - Intel Processor Security Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html

        [2] Intel SINIT modules
            http://software.intel.com/en-us/articles/intel-trusted-execution-technology

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.