CVE-2018-12201
Published: 14 March 2019
Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access.
Notes
| Author | Note |
|---|---|
| sbeattie | it is unclear whether this issue is addressed in cpu microcode or in other firmware, but if it is in cpu microcode, subsequent updates have addressed the issue. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Released
(3.20190514.0ubuntu0.18.04.2)
|
| cosmic |
Released
(3.20190514.0ubuntu0.18.10.1)
|
|
| disco |
Not vulnerable
(3.20190312.1)
|
|
| trusty |
Released
(3.20190514.0ubuntu0.14.04.1)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(3.20190514.0ubuntu0.16.04.1)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.7 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |