===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0316
            INTEL-SA-00240 - Intel Processor Security Advisory
                             13 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Core Processor
                      Intel Xeon Scalable Processor
                      Intel Xeon Processor
Impact/Access:        Increased Privileges -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0152 CVE-2019-0151 
Member content until: Friday, December 13 2019

OVERVIEW

        Intel has discovered vulnerabilities in System Management Mode (SMM)
        and Intel Trusted Execution Technology (TXT) affecting the following
        processors:
         o Intel Core Processor
         o Intel Xeon Scalable Processor
         o Intel Xeon Processor


IMPACT

        Intel has provided the following information regarding the
        vulnerabilities:
        
        "Intel ID:                INTEL-SA-00240
        Advisory Category:        Hardware
        Impact of vulnerability : Escalation of Privilege
        Severity rating :         HIGH
        Original release:         11/12/2019
        Last revised:             11/12/2019" [1]
        
        "CVEID: CVE-2019-0152
        Description: Insufficient memory protection in System Management 
        Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors
        may allow a privileged user to potentially enable escalation of 
        privilege via local access.
        CVSS Base Score: 8.2 High
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
        
        CVEID: CVE-2019-0151
        Description: Insufficient memory protection in Intel(R) TXT for 
        certain Intel (R) Core Processors and Intel(R) Xeon(R) Processors 
        may allow a privileged user to potentially enable escalation of 
        privilege via local access.
        CVSS Base Score: 7.5 High
        CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" [1]


MITIGATION

        Intel recommends:
        
        "...that users of Intel server products listed above 
        update to the latest firmware version provided by the system 
        manufacturer that addresses these issues.
        
        For client platforms listed above updated SINIT modules are 
        available [2]" [1]


REFERENCES

        [1] INTEL-SA-00240 - Intel Processor Security Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html

        [2] Intel SINIT modules
            http://software.intel.com/en-us/articles/intel-trusted-execution-technology

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================