CVE-2020-8672 : Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), In

Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.

Published 2021-02-02 22:15:12

Updated 2021-02-08 18:57:04

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Gain privilegeDenial of service

Products affected by CVE-2020-8672

Intel » Bios » Version: N/A
cpe:2.3:o:intel:bios:-:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Celeron 4205u » Version: N/A
When used together with: Intel » Celeron 4305u » Version: N/A
When used together with: Intel » Celeron 4305ue » Version: N/A
When used together with: Intel » Core I3 8100 » Version: N/A
When used together with: Intel » Core I3 8100f » Version: N/A
When used together with: Intel » Core I3 8100t » Version: N/A
When used together with: Intel » Core I3 8300 » Version: N/A
When used together with: Intel » Core I3 8300t » Version: N/A
When used together with: Intel » Core I3 8350k » Version: N/A
When used together with: Intel » Core I3 9100 » Version: N/A
When used together with: Intel » Core I3 9100f » Version: N/A
When used together with: Intel » Core I3 9100t » Version: N/A
When used together with: Intel » Core I3 9300 » Version: N/A
When used together with: Intel » Core I3 9300t » Version: N/A
When used together with: Intel » Core I3 9320 » Version: N/A
When used together with: Intel » Core I3 9350k » Version: N/A
When used together with: Intel » Core I3 9350kf » Version: N/A
When used together with: Intel » Core I5 8400 » Version: N/A
When used together with: Intel » Core I5 8400t » Version: N/A
When used together with: Intel » Core I5 8500 » Version: N/A
When used together with: Intel » Core I5 8500t » Version: N/A
When used together with: Intel » Core I5 8600 » Version: N/A
When used together with: Intel » Core I5 8600k » Version: N/A
When used together with: Intel » Core I5 8600t » Version: N/A
When used together with: Intel » Core I5 9400 » Version: N/A
When used together with: Intel » Core I5 9400f » Version: N/A
When used together with: Intel » Core I5 9400t » Version: N/A
When used together with: Intel » Core I5 9500 » Version: N/A
When used together with: Intel » Core I5 9500f » Version: N/A
When used together with: Intel » Core I5 9500t » Version: N/A
When used together with: Intel » Core I5 9600 » Version: N/A
When used together with: Intel » Core I5 9600k » Version: N/A
When used together with: Intel » Core I5 9600kf » Version: N/A
When used together with: Intel » Core I5 9600t » Version: N/A
When used together with: Intel » Core I7 8086k » Version: N/A
When used together with: Intel » Core I7 8700 » Version: N/A
When used together with: Intel » Core I7 8700k » Version: N/A
When used together with: Intel » Core I7 8700t » Version: N/A
When used together with: Intel » Core I7 9700 » Version: N/A
When used together with: Intel » Core I7 9700f » Version: N/A
When used together with: Intel » Core I7 9700k » Version: N/A
When used together with: Intel » Core I7 9700kf » Version: N/A
When used together with: Intel » Core I7 9700t » Version: N/A
When used together with: Intel » Core I9 9900 » Version: N/A
When used together with: Intel » Core I9 9900k » Version: N/A
When used together with: Intel » Core I9 9900kf » Version: N/A
When used together with: Intel » Core I9 9900ks » Version: N/A
When used together with: Intel » Core I9 9900t » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-8672

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-8672

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-8672

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-8672

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html

INTEL-SA-00356
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-8672

Products affected by CVE-2020-8672

Exploit prediction scoring system (EPSS) score for CVE-2020-8672

CVSS scores for CVE-2020-8672

CWE ids for CVE-2020-8672

References for CVE-2020-8672