Details of VAR-202011-1391

ID

VAR-202011-1391

CVE

CVE-2020-8750

TITLE

Intel(R) TXE Vulnerabilities in the use of freed memory

Trust: 0.8

sources: JVNDB: JVNDB-2020-013583

DESCRIPTION

Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) TXE Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-8750 // JVNDB: JVNDB-2020-013583 // VULHUB: VHN-186875

AFFECTED PRODUCTS

vendor:	intel	model:	trusted execution engine	scope:	lt	version:	4.0.30	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	lt	version:	3.1.80	Trust: 1.0
vendor:	intel	model:	trusted execution engine	scope:	gte	version:	4.0	Trust: 1.0
vendor:	インテル	model:	intel trusted execution engine	scope:	eq	version:	intel trusted execution engine firmware 3.1.80	Trust: 0.8
vendor:	インテル	model:	intel trusted execution engine	scope:	eq	version:	intel trusted execution engine firmware 4.0.30	Trust: 0.8
vendor:	インテル	model:	intel trusted execution engine	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013583 // NVD: CVE-2020-8750

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8750
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-8750
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1660
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186875
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8750
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186875
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8750
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8750
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186875 // JVNDB: JVNDB-2020-013583 // CNNVD: CNNVD-201911-1660 // NVD: CVE-2020-8750

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	Use of freed memory (CWE-416) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186875 // JVNDB: JVNDB-2020-013583 // NVD: CVE-2020-8750

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1660

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1660

PATCH

title:	INTEL-SA-00391	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html	Trust: 0.8
title:	Intel TXE Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135437	Trust: 0.6

sources: JVNDB: JVNDB-2020-013583 // CNNVD: CNNVD-201911-1660

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8750	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013583	Trust: 0.8
db:	LENOVO	id:	LEN-39432	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3958	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1660	Trust: 0.6
db:	VULHUB	id:	VHN-186875	Trust: 0.1

sources: VULHUB: VHN-186875 // JVNDB: JVNDB-2020-013583 // CNNVD: CNNVD-201911-1660 // NVD: CVE-2020-8750

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20201113-0005/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8750	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3958/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3958.2/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-39432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processors-multiple-vulnerabilities-via-csme-sps-txe-amt-dal-33887	Trust: 0.6

sources: VULHUB: VHN-186875 // JVNDB: JVNDB-2020-013583 // CNNVD: CNNVD-201911-1660 // NVD: CVE-2020-8750

SOURCES

db:	VULHUB	id:	VHN-186875
db:	JVNDB	id:	JVNDB-2020-013583
db:	CNNVD	id:	CNNVD-201911-1660
db:	NVD	id:	CVE-2020-8750

LAST UPDATE DATE

2024-11-23T21:08:37.113000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186875	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013583	date:	2021-07-08T07:58:00
db:	CNNVD	id:	CNNVD-201911-1660	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8750	date:	2024-11-21T05:39:22.640

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186875	date:	2020-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-013583	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201911-1660	date:	2019-11-10T00:00:00
db:	NVD	id:	CVE-2020-8750	date:	2020-11-12T18:15:17.597