Published: 13 November 2019
===========================================================================
AUSCERT Security Bulletin

ASB-2019.0314
INTEL-SA-00220 - Intel SGX and TXT Advisory
13 November 2019
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Intel Core Processor
                      Intel Xeon Processor
Impact/Access:        Increased Privileges -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0124 CVE-2019-0123
Member content until: Friday, December 13 2019

OVERVIEW

Intel has discovered vulnerabilities in the following products:

 o Intel Core Processors
 o Intel Xeon Processor [1]

IMPACT

Intel has provided the following information regarding the vulnerabilities:

"Intel ID: INTEL-SA-00220
Advisory Category: Firmware
Impact of vulnerability : Escalation of Privilege
Severity rating : HIGH
Original release: 11/12/2019
Last revised: 11/12/2019" [1]

"CVEID: CVE-2019-0123
Description: Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-0124
Description: Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" [1]

MITIGATION

Intel recommends:

"
 o For all affected Intel Processor systems utilizing Intel SGX and/or Intel TXT, Intel recommends that end users apply the most current BIOS updates from their system manufacturers as soon as possible.
 o Intel recommends that customers deploy available security updates as soon as possible.
 o Application providers please refer to Intel SGX Attestation Technical Details to determine whether you may need to implement changes to your SGX application for SGX attestation service." [1]

REFERENCES

[1] INTEL-SA-00220 - Intel SGX and TXT Advisory
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.