Intel : Security Vulnerabilities, CVEs, Published In December 2019

Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack.

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.

Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.

Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.

Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.

Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.

Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access.

Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.