Improper Buffer Restrictions in Intel Stratix 10 FPGA Firmware
CVE-2020-8737

6.8MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Stratix(r) 10 Fpga Firmware Provided With The Intel(r) Quartus(r) Prime Pro Software
Vendor: CVE Published:; 12 November 2020

What is CVE-2020-8737?

Improper buffer restrictions in the Intel Stratix 10 FPGA firmware included with the Intel Quartus Prime Pro software (prior to version 20.1) can potentially allow an unauthenticated user with physical access to exploit this vulnerability. This could lead to unauthorized privilege escalation or disclosure of sensitive information, highlighting the need for users to upgrade to the latest version for improved security.

Affected Version(s)

Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2020
Vulnerability Reserved
Feb 6, 2020