CVE-2018-12201
https://notcve.org/view.php?id=CVE-2018-12201
Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access. Vulnerabilidad de desbordamiento de búfer en el firmware Platform Sample / Silicon Reference para los procesadores de 8ª generación Intel(R) Core Processor, los procesadores de 7ª generación Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor e Intel(R) Celeron N4000 Processor podría permitir que un usuario privilegiado pueda ejecutar código arbitrario mediante acceso local. • https://security.netapp.com/advisory/ntap-20190318-0002 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-12202
https://notcve.org/view.php?id=CVE-2018-12202
Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access. Vulnerabilidad de escalado de privilegios en el firmware Platform Sample / Silicon Reference para los procesadores de 8ª generación Intel(R) Core Processor y los procesadores de 7ª generación Intel(R) Core Processor podría permitir que los usuarios privilegiados aprovechen las características existentes mediante acceso local. • https://security.netapp.com/advisory/ntap-20190318-0002 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html •
CVE-2018-12169
https://notcve.org/view.php?id=CVE-2018-12169
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. El firmware del código de muestra de la plataforma en 4ª, 5ª, 6ª, 7ª y 8ª generación del procesador Intel Core contiene un error lógico que podría permitir a un atacante físico omitir la autenticación del firmware. • http://www.securityfocus.com/bid/105387 https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html https://support.lenovo.com/us/en/solutions/LEN-20527 • CWE-287: Improper Authentication •
CVE-2018-3620 – Kernel: hw: cpu: L1 terminal fault (L1TF)
https://notcve.org/view.php?id=CVE-2018-3620
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y traducciones de direcciones podría permitir la divulgación no autorizada de información que reside en la caché de datos L1 a un atacante con acceso de usuario local mediante un error de página del terminal y un análisis de canal lateral. Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. • http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.securityfocus.com/bid/105080 http://www.securitytracker.com/id/1041451 http://www.vmware.com/security/advisories/VMSA-2018-0021.html http://xenbits.xen.org/xsa/advisory-273.html https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2388 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2018-3615
https://notcve.org/view.php?id=CVE-2018-3615
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores que emplean ejecución especulativa y extensiones Intel software guard (Intel SGX) podría permitir la fuga no autorizada de información que reside en la caché de datos L1 desde un enclave a un atacante con acceso de usuario local mediante un análisis de canal lateral. • http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.securityfocus.com/bid/105080 http://www.securitytracker.com/id/1041451 https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://foreshadowattack.eu https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://psirt.global.sonicwall.com/vuln-detail/ • CWE-203: Observable Discrepancy •