Improper Buffer Restrictions in Intel Stratix 10 FPGA Firmware
CVE-2020-12312

6.8MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Stratix(r) 10 Fpga Firmware Provided With The Intel(r) Quartus(r) Prime Pro Software
Vendor: CVE Published:; 12 November 2020

Summary

The FPGA firmware for the Intel Stratix 10, provided with Intel Quartus Prime Pro software prior to version 20.2, contains vulnerabilities due to improper buffer restrictions. This flaw allows an unauthenticated user, with physical access to the device, to potentially escalate privileges, therefore compromising the security of the device's functions and operations.

Affected Version(s)

Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2020
Vulnerability Reserved
Apr 28, 2020