CVSS: 7.8EPSS: 0%CPEs: 362EXPL: 0CVE-2019-0124
https://notcve.org/view.php?id=CVE-2019-0124
Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. Una protección insuficiente de la memoria en Intel® 6th Generation Core Processors y superiores, compatibles con TXT, puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local. • https://support.f5.com/csp/article/K81556107?utm_source=f5support&%3Butm_medium=RSS https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html •
CVSS: 7.8EPSS: 0%CPEs: 362EXPL: 0CVE-2019-0123
https://notcve.org/view.php?id=CVE-2019-0123
Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. Una protección insuficiente de la memoria en Intel® 6th Generation Core Processors y superiores, compatibles con SGX, puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local. • https://support.f5.com/csp/article/K81556107?utm_source=f5support&%3Butm_medium=RSS https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html •
CVSS: 7.2EPSS: 0%CPEs: 892EXPL: 0CVE-2019-0151
https://notcve.org/view.php?id=CVE-2019-0151
Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Una protección de memoria insuficiente en Intel® TXT para ciertos procesadores Intel® Core y procesadores Intel® Xeon® puede habilitar a un usuario privilegiado para permitir una escalada de privilegios por medio de un acceso local. • https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf https://support.f5.com/csp/article/K34425791?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 298EXPL: 0CVE-2019-0154 – hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
https://notcve.org/view.php?id=CVE-2019-0154
Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. Un control de acceso insuficiente en el subsistema para Intel® processor graphics en 6th, 7th, 8th y 9th Generation Intel® Core(TM) Processor Families; Intel® Pentium® Processor J, N, Silver y Gold Series; Intel® Celeron® Processor J, N, G3900 y G4900 Series; Intel® Atom® Processor A y E3900 Series; Intel® Xeon® Processor E3-1500 v5 y v6 y E-2100 Processor Families, puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio de un acceso local. A flaw was found in Intel graphics hardware (GPU) where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected displays will remain unusable until a reboot occurs. • http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2020:0204 https://seclists.org/bugtraq/2019/Nov/26 https://security.netapp.com/advisory/ntap-20200320-0004 https://support.f5.com/csp/article/K73659122?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/4186-2 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html https://access.redhat.com/security/ • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1589EXPL: 0CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de un acceso local. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html https://access.redhat.com/errata/RHSA-2019:3916 https://access.redhat.com/errata/RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3941 https://access.redhat.com/errata/RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0204 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW https:/&#x • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •