Candidate: CVE-2018-12201
PublicDate: 2019-03-14 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12201
 https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html
Description:
 Buffer overflow vulnerability in Platform Sample / Silicon Reference
 firmware for 8th Generation Intel(R) Core Processor, 7th Generation
 Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor,
 Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105
 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100
 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to
 potentially execute arbitrary code via local access.
Ubuntu-Description:
Notes:
 sbeattie> it is unclear whether this issue is addressed in cpu
   microcode or in other firmware, but if it is in cpu microcode,
   subsequent updates have addressed the issue.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [6.7 MEDIUM]


Patches_intel-firmware:
upstream_intel-microcode: needs-triage
precise/esm_intel-microcode: DNE
trusty_intel-microcode: released (3.20190514.0ubuntu0.14.04.1)
trusty/esm_intel-microcode: released (3.20190514.0ubuntu0.14.04.1)
xenial_intel-microcode: released (3.20190514.0ubuntu0.16.04.1)
esm-infra/xenial_intel-microcode: released (3.20190514.0ubuntu0.16.04.1)
bionic_intel-microcode: released (3.20190514.0ubuntu0.18.04.2)
cosmic_intel-microcode: released (3.20190514.0ubuntu0.18.10.1)
disco_intel-microcode: not-affected (3.20190312.1)
devel_intel-microcode: not-affected (3.20190312.1)