Incorrect Security Check in Intel Core and Xeon Processors
CVE-2017-5691

9CRITICAL

Key Information:

Vendor
Intel
Status
6th And 7th Generation Intel Core Processor Families, Intel Xeon E3-1500m V5 And V6 Processor Families, And Intel Xeon E3-1200 V5 And V6 Product Families.
Vendor
CVE Published:
26 July 2017

Summary

A vulnerability exists in Intel processors from the 6th and 7th generations, including certain Xeon models. An incorrect check in the system allows compromised firmware to bypass security measures, potentially impacting the integrity of Software Guard Extensions (SGX) by manipulating the early system state. This flaw could lead to unauthorized access to sensitive data under specific conditions.

Affected Version(s)

6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Processor Families, and Intel Xeon E3-1200 v5 and v6 Product Families. 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Processor Families, and Intel Xeon E3-1200 v5 and v6 Product Families.

References

https://security-center.intel.com/advisory.aspx?intelid=I...
x_refsource_CONFIRM
https://support.lenovo.com/us/en/product_security/LEN-15184
x_refsource_CONFIRM
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLo...
x_refsource_CONFIRM

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.