-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0314
                INTEL-SA-00220 - Intel SGX and TXT Advisory
                             13 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Core Processor
                      Intel Xeon Processor
Impact/Access:        Increased Privileges -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0124 CVE-2019-0123 
Member content until: Friday, December 13 2019

OVERVIEW

        Intel has discovered vulnerabilities in the following products:
         o Intel Core Processors
         o Intel Xeon Processor [1]


IMPACT

        Intel has provided the following information regarding the
        vulnerabilities:
        
        "Intel ID:                INTEL-SA-00220
        Advisory Category:        Firmware
        Impact of vulnerability : Escalation of Privilege
        Severity rating :         HIGH
        Original release:         11/12/2019
        Last revised:             11/12/2019" [1]
        
        "CVEID: CVE-2019-0123
        Description: Insufficient memory protection in Intel(R) 6th 
        Generation Core Processors and greater, supporting SGX, may allow a
        privileged user to potentially enable escalation of privilege via 
        local access.
        CVSS Base Score: 8.2 High
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
        
        CVEID: CVE-2019-0124
        Description: Insufficient memory protection in Intel(R) 6th 
        Generation Core Processors and greater, supporting TXT, may allow a
        privileged user to potentially enable escalation of privilege via 
        local access.
        CVSS Base Score: 8.2 High
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" [1]


MITIGATION

        Intel recommends:
        
        " o For all affected Intel Processor systems utilizing Intel SGX 
        and/or Intel TXT, Intel recommends that end users apply the most 
        current BIOS updates from their system manufacturers as soon as 
        possible.
        
          o Intel recommends that customers deploy available security 
        updates as soon as possible.
        
          o Application providers please refer to Intel SGX Attestation 
        Technical Details to determine whether you may need to implement 
        changes to your SGX application for SGX attestation service." [1]


REFERENCES

        [1] INTEL-SA-00220 - Intel SGX and TXT Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----