Vulnerabilities > CVE-2020-12289 - Out-of-bounds Write vulnerability in Intel products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

intel

CWE-787

NVD

Published: 2021-06-09

Updated: 2021-06-15

Summary

Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Jhl6240 Thunderbolt 3 Firmware - Intel Jhl6340 Thunderbolt 3 Firmware - Intel Jhl6540 Thunderbolt 3 Firmware - Intel Jhl7040 Thunderbolt 3 Retimer Firmware * Intel Jhl7340 Thunderbolt 3 Firmware - Intel Jhl7440 Thunderbolt 3 Firmware * Intel Jhl7540 Thunderbolt 3 Firmware - Intel Jhl8010R USB Retimer Firmware * Intel Dsl5320 Thunderbolt 2 Firmware * Intel Dsl5520 Thunderbolt 2 Firmware * Intel Dsl6340 Thunderbolt 3 Firmware * Intel Dsl6540 Thunderbolt 3 Firmware * Intel Jhl8040R Thunderbolt 4 Retimer Firmware *	13
Hardware	Intel Intel Jhl6240 Thunderbolt 3 - Intel Jhl6340 Thunderbolt 3 - Intel Jhl6540 Thunderbolt 3 - Intel Jhl7040 Thunderbolt 3 Retimer - Intel Jhl7340 Thunderbolt 3 - Intel Jhl7440 Thunderbolt 3 - Intel Jhl7540 Thunderbolt 3 - Intel Jhl8010R USB Retimer - Intel Dsl5320 Thunderbolt 2 - Intel Dsl5520 Thunderbolt 2 - Intel Dsl6340 Thunderbolt 3 - Intel Dsl6540 Thunderbolt 3 - Intel Jhl8040R Thunderbolt 4 Retimer -	13

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00401.html