Vulnerabilities > CVE-2020-8672 - Out-of-bounds Read vulnerability in Intel Bios

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

intel

CWE-125

NVD

Published: 2021-02-02

Updated: 2021-02-08

Summary

Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Bios -	1
Hardware	Intel Intel Celeron 4205U - Intel Celeron 4305U - Intel Celeron 4305Ue - Intel Core I3 8100 - Intel Core I3 8100F - Intel Core I3 8100T - Intel Core I3 8300 - Intel Core I3 8300T - Intel Core I3 8350K - Intel Core I3 9100 - Intel Core I3 9100F - Intel Core I3 9100T - Intel Core I3 9300 - Intel Core I3 9300T - Intel Core I3 9320 - Intel Core I3 9350K - Intel Core I3 9350Kf - Intel Core I5 8400 - Intel Core I5 8400T - Intel Core I5 8500 - Intel Core I5 8500T - Intel Core I5 8600 - Intel Core I5 8600K - Intel Core I5 8600T - Intel Core I5 9400 - Intel Core I5 9400F - Intel Core I5 9400T - Intel Core I5 9500 - Intel Core I5 9500F - Intel Core I5 9500T - Intel Core I5 9600 - Intel Core I5 9600K - Intel Core I5 9600Kf - Intel Core I5 9600T - Intel Core I7 8086K - Intel Core I7 8700 - Intel Core I7 8700K - Intel Core I7 8700T - Intel Core I7 9700 - Intel Core I7 9700F - Intel Core I7 9700K - Intel Core I7 9700Kf - Intel Core I7 9700T - Intel Core I9 9900 - Intel Core I9 9900K - Intel Core I9 9900Kf - Intel Core I9 9900Ks - Intel Core I9 9900T -	48

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html