Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access.
Weakness
The product does not validate, or incorrectly validates, a certificate.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Platform_sample_firmware | Intel | - (including) | - (including) |
| Intel-microcode | Ubuntu | bionic | * |
| Intel-microcode | Ubuntu | cosmic | * |
| Intel-microcode | Ubuntu | esm-infra-legacy/trusty | * |
| Intel-microcode | Ubuntu | esm-infra/bionic | * |
| Intel-microcode | Ubuntu | esm-infra/xenial | * |
| Intel-microcode | Ubuntu | trusty | * |
| Intel-microcode | Ubuntu | trusty/esm | * |
| Intel-microcode | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
References
- https://security.netapp.com/advisory/ntap-20190318-0002/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us
- https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html
- https://security.netapp.com/advisory/ntap-20190318-0002/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us
- https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html