Insufficient Input Validation in Intel Xeon and Atom Processors
CVE-2019-11137

8.2HIGH

Key Information:

Vendor

Intel
Status
2019.2 Ipu – Uefi
Vendor
CVE Published:
14 November 2019

What is CVE-2019-11137?

Insufficient input validation in the system firmware of various Intel Xeon and Atom processors allows privileged users local access to potentially trigger escalation of privilege, cause denial of service, and lead to unintended information disclosure. The affected products include multiple Xeon processor families and Atom processor series, posing risks if exploited in environments that require robust hardware security.

Affected Version(s)

2019.2 IPU – UEFI See provided reference

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://support.f5.com/csp/article/K56215245?utm_source=f...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.