Sign-up

ID

VAR-201905-0867


CVE

CVE-2019-0119


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. plural Intel The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Unified Extensible Firmware Interface is prone to multiple security vulnerabilities. Attackers can leverage these issues to gain elevated privileges and execute arbitrary code to cause denial-of-service conditions on the affected device. Intel Server Board, etc. are all products of Intel Corporation of the United States. Intel Server Board is a server motherboard. Intel Xeon Scalable Processors are a scalable server central processing unit (CPU). Intel Xeon Processor D Family is a Xeon D series server central processing unit (CPU). A buffer overflow vulnerability exists in the system firmware of several Intel products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. A local attacker could exploit this vulnerability to elevate a new server and/or cause a denial of service

Trust: 1.98

sources: NVD: CVE-2019-0119 // JVNDB: JVNDB-2019-004739 // BID: 108485 // VULHUB: VHN-140150

AFFECTED PRODUCTS

vendor:intelmodel:xeon gold processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bps24scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2142itscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600jfqscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1567scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bpq24scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2123itscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s2600stscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1622scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1571scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tpfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1623nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2400lpscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1518scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1521scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1533nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1523nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s2600bpscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tp24srscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1540scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2183itscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2191scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon bronze processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s1200spscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tpscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600kpfrscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1602scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600wpqscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2146ntscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1531scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1627scope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s2600kpscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2187ntscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1520scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1541scope:eqversion: -

Trust: 1.0

vendor:intelmodel:mfs5520virscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s2600tpscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600jfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1633nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1637scope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s2600wtscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s7200apscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1543nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1548scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1513nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1529scope:eqversion: -

Trust: 1.0

vendor:intelmodel:mfs2600kiscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2166ntscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s2600cwscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tprscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tpfrscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bpblcscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1653nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1539scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1577scope:eqversion: -

Trust: 1.0

vendor:intelmodel:mfs5000siscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1537scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bpblc24scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns7200aprlscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tpnrscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2145ntscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server system s9200wkscope:eqversion: -

Trust: 1.0

vendor:intelmodel:server board s2600wfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bpbscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1557scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600wpfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon silver processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns7200aprscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2141iscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1649nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2163itscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1559scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600kpscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1527scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns7200aplscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2161iscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600wpscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600jffscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tp24strscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon platinum processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600kpfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600kprscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2143itscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bpb24scope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bpqscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1528scope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2177ntscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns7200apscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600bpsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-2173itscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon d-1553nscope:eqversion: -

Trust: 1.0

vendor:intelmodel:hns2600tp24rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1602scope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1622scope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1623nscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1627scope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1633nscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1637scope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1649nscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-1653nscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-2141iscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon d-2177ntscope: - version: -

Trust: 0.8

vendor:intelmodel:xeon scalable processorsscope:eqversion:0

Trust: 0.3

vendor:intelmodel:xeon d processorscope:eqversion:0

Trust: 0.3

vendor:intelmodel:pentium silver processor seriesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:pentium processor n seriesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:pentium processor j seriesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:compute modulescope:eqversion:0

Trust: 0.3

vendor:intelmodel:celeron processor n seriesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:celeron processor j seriesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:atom processor e3900 seriesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:atom processor a seriesscope:eqversion:0

Trust: 0.3

sources: BID: 108485 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004739 // NVD: CVE-2019-0119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0119
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0119
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-763
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140150
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0119
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140150
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0119
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140150 // JVNDB: JVNDB-2019-004739 // CNNVD: CNNVD-201905-763 // NVD: CVE-2019-0119

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-140150 // JVNDB: JVNDB-2019-004739 // NVD: CVE-2019-0119

THREAT TYPE

local

Trust: 0.9

sources: BID: 108485 // CNNVD: CNNVD-201905-763

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-763

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:INTEL-SA-00223url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00223.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004739

EXTERNAL IDS
db:NVDid:CVE-2019-0119
Trust: 2.8
db:BIDid:108485
Trust: 2.0
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004739
Trust: 0.8
db:CNNVDid:CNNVD-201905-763
Trust: 0.7
db:AUSCERTid:ESB-2019.2047
Trust: 0.6
db:LENOVOid:LEN-26294
Trust: 0.6
db:VULHUBid:VHN-140150
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140150 // 
            
            
            
            BID: 108485 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004739 // 
            
            
            
            CNNVD: CNNVD-201905-763 // 
            
            
            
            NVD: CVE-2019-0119

REFERENCES
url:http://www.securityfocus.com/bid/108485
Trust: 2.3
url:https://support.f5.com/csp/article/k85585101
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0119
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.9
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0119
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2047/
Trust: 0.6
url:https://support.lenovo.com/us/en/product_security/len-26294
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140150 // 
            
            
            
            BID: 108485 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004739 // 
            
            
            
            CNNVD: CNNVD-201905-763 // 
            
            
            
            NVD: CVE-2019-0119

CREDITS
Intel
Trust: 0.9
sources:
            
            
            BID: 108485 // 
            
            
            
            CNNVD: CNNVD-201905-763

SOURCES
db:VULHUBid:VHN-140150
db:BIDid:108485
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004739
db:CNNVDid:CNNVD-201905-763
db:NVDid:CVE-2019-0119

LAST UPDATE DATE
2024-11-23T20:21:11.178000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140150date:2019-06-06T00:00:00
db:BIDid:108485date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004739date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-763date:2019-08-29T00:00:00
db:NVDid:CVE-2019-0119date:2024-11-21T04:16:16.060

SOURCES RELEASE DATE
db:VULHUBid:VHN-140150date:2019-05-17T00:00:00
db:BIDid:108485date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004739date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-763date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0119date:2019-05-17T16:29:01.783