Potential security vulnerabilities in BIOS firmware for some Intel® Processors may allow escalation of privilege and/or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
Description: Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Description: Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
· 7th Generation Intel® Core™ processors
· 8th Generation Intel® Core™ processors
· 9th Generation Intel® Core™ processors
· 10th Generation Intel® Core™ processors
Intel recommends that users of the affected Intel® products update to the latest BIOS firmware version provided by the system manufacturer that addresses these issues.
Intel would like to thank Dmitry Frolov for reporting CVE-2020-0528, and an Intel partner for reporting CVE-2020-0529.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.