CVE-2018-12205
Published: 14 March 2019
Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access.
Notes
Author | Note |
---|---|
sbeattie | it is unclear whether this issue is addressed in cpu microcode or in other firmware, but if it is in cpu microcode, subsequent updates have addressed the issue. |
Priority
Status
Package | Release | Status |
---|---|---|
intel-microcode Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
trusty |
Released
(3.20190514.0ubuntu0.14.04.1)
|
|
xenial |
Released
(3.20190514.0ubuntu0.16.04.1)
|
|
bionic |
Released
(3.20190514.0ubuntu0.18.04.2)
|
|
cosmic |
Released
(3.20190514.0ubuntu0.18.10.1)
|
|
disco |
Not vulnerable
(3.20190312.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.8 |
Attack vector | Physical |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |