Improper access control in Intel Hardware solutions

#VU59220 Improper access control in Intel Hardware solutions

Published: 2022-01-05

Vulnerability identifier: #VU59220

Vulnerability risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0110

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Thunderbolt JHL6540
Hardware solutions / Firmware
Intel Thunderbolt JHL6340
Hardware solutions / Firmware
Intel Thunderbolt JHL6240
Hardware solutions / Firmware
Intel Thunderbolt JHL7540
Hardware solutions / Firmware
Intel Thunderbolt JHL7440
Hardware solutions / Firmware
Intel Thunderbolt JHL7340
Hardware solutions / Firmware
Intel Thunderbolt JHL8540
Hardware solutions / Firmware
Intel Thunderbolt JHL8440
Hardware solutions / Firmware
Intel 10th Generation Core Processors with Thunderbolt Technology
Hardware solutions / Firmware
Intel 11th Generation Core Processors with Thunderbolt Technology
Hardware solutions / Firmware
Intel Thunderbolt DCH drivers
Hardware solutions / Drivers

Vendor: Intel

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access control. A local attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Thunderbolt JHL6540: All versions

Intel Thunderbolt JHL6340: All versions

Intel Thunderbolt JHL6240: All versions

Intel Thunderbolt JHL7540: All versions

Intel Thunderbolt JHL7440: All versions

Intel Thunderbolt JHL7340: All versions

Intel Thunderbolt JHL8540: All versions

Intel Thunderbolt JHL8440: All versions

Intel 10th Generation Core Processors with Thunderbolt Technology: All versions

Intel 11th Generation Core Processors with Thunderbolt Technology: All versions

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Intel Thunderbolt DCH Driver for Windows

Denial of service in Intel Thunderbolt Windows DCH Drivers