Vulnerability identifier: #VU59220
Vulnerability risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Intel Thunderbolt JHL6540
Hardware solutions /
Firmware
Intel Thunderbolt JHL6340
Hardware solutions /
Firmware
Intel Thunderbolt JHL6240
Hardware solutions /
Firmware
Intel Thunderbolt JHL7540
Hardware solutions /
Firmware
Intel Thunderbolt JHL7440
Hardware solutions /
Firmware
Intel Thunderbolt JHL7340
Hardware solutions /
Firmware
Intel Thunderbolt JHL8540
Hardware solutions /
Firmware
Intel Thunderbolt JHL8440
Hardware solutions /
Firmware
Intel 10th Generation Core Processors with Thunderbolt Technology
Hardware solutions /
Firmware
Intel 11th Generation Core Processors with Thunderbolt Technology
Hardware solutions /
Firmware
Intel Thunderbolt DCH drivers
Hardware solutions /
Drivers
Vendor: Intel
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access control. A local attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Intel Thunderbolt JHL6540: All versions
Intel Thunderbolt JHL6340: All versions
Intel Thunderbolt JHL6240: All versions
Intel Thunderbolt JHL7540: All versions
Intel Thunderbolt JHL7440: All versions
Intel Thunderbolt JHL7340: All versions
Intel Thunderbolt JHL8540: All versions
Intel Thunderbolt JHL8440: All versions
Intel 10th Generation Core Processors with Thunderbolt Technology: All versions
Intel 11th Generation Core Processors with Thunderbolt Technology: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.