Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

No excellent soul is exempt from a mixture of madness. -- Aristotle


rocksolid / Security / Intel security vulnerability

SubjectAuthor
o Intel security vulnerabilityAnonUser

1
Subject: Intel security vulnerability
From: AnonUser
Newsgroups: rocksolid.shared.security
Organization: RetroBBS
Date: Tue, 10 Dec 2019 22:49 UTC
Path: i2pn2.org!rocksolid3!.POSTED.localhost!not-for-mail
From: anonu...@retrobbs.rocksolidbbs.com.remove-di6-this (AnonUser)
Newsgroups: rocksolid.shared.security
Subject: Intel security vulnerability
Date: Tue, 10 Dec 2019 22:49:30 +0000
Organization: RetroBBS
Message-ID: <935d048ed5571685a5a94155f56ba5c1$1@www.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: rocksolidbbs.com; posting-host="localhost:127.0.0.1";
logging-data="16682"; mail-complaints-to="usenet@rocksolidbbs.com"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
To: rocksolid.shared.security
X-Comment-To: rocksolid.shared.security
X-FTN-PID: Synchronet 3.17a-Linux Dec 29 2018 GCC 6.3.0
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$lrm0PrgsourF6qoC1tGqa.V63OIaJUcHyRTom27NWsvEYwLGC8usC
X-Gateway: retrobbs.rocksolidbbs.com [Synchronet 3.17a-Linux NewsLink 1.110]
View all headers
  To: rocksolid.shared.security
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html


Unexpected Page Fault in Virtualized Environment Advisory
Intel ID: INTEL-SA-00317
Advisory Category: Hardware
Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
Severity rating: MEDIUM
Original release: 12/10/2019
Last revised: 12/10/2019
Summary: A potential security vulnerability in multiple Intel® processors may allow escalation of privilege, denial of service, and/or information disclosure.  Intel is releasing firmware updates to mitigate this potential vulnerability.
Vulnerability Details:

CVEID: CVE-2019-14607

Description: Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

CVSS Base Score:  5.3 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Affected Products:

Datacenter Microprocessors

2nd Generation Intel® Xeon® Scalable Processor

Intel® Xeon® Scalable Processor

Intel® Xeon® D Processors

Intel® Xeon® W Processors

8th and 9th Generation Intel® Core™ i9

 Client and Xeon E3 Microprocessors

Intel® Xeon® Processor E3 v5 & v6 Family

Intel® Xeon® E Processor

6th Generation Intel® Core™ Processors

7th Generation Intel® Core™ Processors

8th Generation Intel® Core™ Processor Family

9th Generation Intel® Core™ Processors Family

10th Generation Intel® Core™ Processor Family
Recommendations:

Intel recommends that users of Intel® Processors listed above update to the latest firmware version provided by the system manufacturer that addresses these issues.
Acknowledgements:

The following issue was found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

--
Posted on RetroBBS



1
rocksolid light 0.7.2
clearneti2ptor