A potential security vulnerability in some Intel® Trace Hub instances may allow escalation of privilege. Intel is releasing prescriptive guidance to address this potential vulnerability.
Description: Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
6th Gen Intel® Core™ Processors
7th Gen Intel® Core Processors
8th Gen Intel® Core™ Processors
10th Gen Intel® Core™ Processors
Intel Atom® processor A series
Intel Atom® processor C3000 Automated Driving series
Intel Atom® processor C3000 series
Intel Atom® processor X E3900 series
Intel® 100 series chipset
Intel® 200 series chipset
Intel® 300 series chipset
Intel® C230 series chipset
Intel® C240 series chipset
Intel® C420 chipset
Intel® C620 series chipset
Intel® Celeron® Processor 3000 Series (38XX and 39XX)
Intel® Celeron® Processor 4000 Series (42XX and 43XX)
Intel® Celeron® processor J3000/N3000 series
Intel® Celeron® processor J4000/N4000 series
Intel® Pentium® Gold Processor Series (44XX and 65XX)
Intel® Pentium® Gold Processor Series (54XX)
Intel® Pentium® Processor 4000 Series (44XX)
Intel® Pentium® processor J4000/N4000 series
Intel® Pentium® processor J5000/N5000 series
Intel® X299 chipset
Intel® Xeon® D processor 2000 series
Intel is releasing prescriptive guidance to address this potential vulnerability and will not be providing additional mitigations for these chipset/SOC products.
- Ensuring all security mitigations provided by Intel are applied and systems are running the latest firmware version available from Intel.
- Following standard security practices and preventing unauthorized physical access to systems.
- Intel recommends users follow existing security best practices and alternate security controls.
This vulnerability was researched and reported by Mark Ermolov and Dmitry Sklyarov (Positive Technologies) and Maxim Goryachy (independent).
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.