Local Vulnerability in Intel Platforms Allows SPI Flash Manipulation
CVE-2017-5703

6MEDIUM

Key Information:

Vendor
Intel
Status
Intel 6th Generation Intel Core Processors, Intel 7th Generation Processors, Intel Xeon Scalable Processors, Intel Xeon Processor E3 V5 Family, Intel Xeon Processor E3 V6 Family, And Intel Atom Processor C Series.
Vendor
CVE Published:
3 April 2018

Summary

A configuration issue in the SPI Flash on certain Intel platforms allows local attackers to modify the behavior of the flash. This manipulation can potentially lead to Denial of Service, as unauthorized changes can disrupt the normal operations of the affected systems and compromise their integrity.

Affected Version(s)

Intel 6th generation Intel Core Processors, Intel 7th generation Processors, Intel Xeon Scalable Processors, Intel Xeon Processor E3 v5 Family, Intel Xeon Processor E3 v6 Family, and Intel Atom Processor C Series. All

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://security-center.intel.com/advisory.aspx?intelid=I...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040626
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.