Insufficient Key Protection in Intel Processors
CVE-2019-0120

4.4MEDIUM

Key Information:

Vendor

Intel
Status
Intel(r) Unified Extensible Firmware Interface (uefi)
Vendor
CVE Published:
17 May 2019

What is CVE-2019-0120?

An insufficient key protection vulnerability exists in the silicon reference firmware for various Intel processors that could allow a privileged user to potentially trigger a denial of service through local access. This could disrupt normal operations, making it crucial for users to be aware of the risks and apply appropriate safeguards.

Affected Version(s)

Intel(R) Unified Extensible Firmware Interface (UEFI) Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
http://www.securityfocus.com/bid/108485
vdb-entryx_refsource_BID
https://support.f5.com/csp/article/K29002929
x_refsource_CONFIRM

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.