Denial of service in Intel Thunderbolt Windows DCH Drivers

1) Improper access control

EUVDB-ID: #VU59220

Risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0110

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access control. A local attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Thunderbolt JHL6540: All versions

Intel Thunderbolt JHL6340: All versions

Intel Thunderbolt JHL6240: All versions

Intel Thunderbolt JHL7540: All versions

Intel Thunderbolt JHL7440: All versions

Intel Thunderbolt JHL7340: All versions

Intel Thunderbolt JHL8540: All versions

Intel Thunderbolt JHL8440: All versions

Intel 10th Generation Core Processors with Thunderbolt Technology: All versions

Intel 11th Generation Core Processors with Thunderbolt Technology: All versions

Intel Thunderbolt DCH drivers: before 1.41.1094

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.