Risk | Low |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2020-12357 CVE-2020-8670 CVE-2020-8700 CVE-2020-12359 CVE-2020-12358 CVE-2021-0095 CVE-2020-12360 CVE-2020-24486 |
CWE-ID | CWE-665 CWE-362 CWE-20 CWE-119 CWE-125 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Hardware solutions / Firmware: 2nd Generation Intel Xeon Scalable Processors, Intel Xeon D Processors, Intel Xeon Processor E Family, Intel Xeon Processor E7 v4 Family, Intel Xeon Processor E3 v6 Family, Intel Xeon Processor E3 v5 Family, Intel Xeon Processor E5 v4 Family, Intel Xeon Processor E5 v3 Family, Intel Xeon W Processors, 10th Generation Intel Core Processors, 8th Generation Intel Core Processors, 7th Generation Intel Core Processors, 6th Generation Intel Core Processors, Intel Core X-series Processors, Intel Core Processors with Intel Hybrid Technology, 11th Generation Intel Core Processors; Hardware solutions / Other hardware appliances: Intel Xeon Scalable Processors |
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU54161
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12357
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in the firmware. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54162
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8670
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the firmware. A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54163
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8700
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the firmware. A local administrator can pass specially crafted input to the application and gain elevated privileges on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54164
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12359
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient control flow management in the firmware. An attacker with physical access can pass specially crafted input to the application and gain elevated privileges on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54165
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12358
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the firmware. A local administrator can trigger memory corruption and cause a denial of service condition on the target system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54166
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0095
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization in the firmware. A local administrator can run a specially crafted application to cause a denial of service condition on the target system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54167
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12360
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the firmware. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54168
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24486
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the firmware. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Xeon Scalable Processors: All versions
Intel Xeon D Processors: All versions
Intel Xeon Processor E Family: All versions
Intel Xeon Processor E7 v4 Family: All versions
Intel Xeon Processor E3 v6 Family: All versions
Intel Xeon Processor E3 v5 Family: All versions
Intel Xeon Processor E5 v4 Family: All versions
Intel Xeon Processor E5 v3 Family: All versions
Intel Xeon W Processors: All versions
10th Generation Intel Core Processors: All versions
8th Generation Intel Core Processors: All versions
7th Generation Intel Core Processors: All versions
6th Generation Intel Core Processors: All versions
Intel Core X-series Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
11th Generation Intel Core Processors: All versions
CPE2.3
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.