Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Core_i7-8550u | Intel | - (including) | - (including) |
| Core_i7-8559u | Intel | - (including) | - (including) |
| Core_i7-8650u | Intel | - (including) | - (including) |
| Core_i7-8700 | Intel | - (including) | - (including) |
| Core_i7-8700b | Intel | - (including) | - (including) |
| Core_i7-8700k | Intel | - (including) | - (including) |
| Core_i7-8700t | Intel | - (including) | - (including) |
| Core_i7-8705g | Intel | - (including) | - (including) |
| Core_i7-8706g | Intel | - (including) | - (including) |
| Core_i7-8709g | Intel | - (including) | - (including) |
| Core_i7-8750h | Intel | - (including) | - (including) |
| Core_i7-8809g | Intel | - (including) | - (including) |
| Core_i7-8850h | Intel | - (including) | - (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- http://www.securitytracker.com/id/1040626
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087\u0026languageid=en-fr
- https://security.netapp.com/advisory/ntap-20180924-0004/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03867en_us
- http://www.securitytracker.com/id/1040626
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087\u0026languageid=en-fr
- https://security.netapp.com/advisory/ntap-20180924-0004/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03867en_us