Intel Monthly December Security Update, December 2019
Security Advisories that affect BIOS:
Intel-SA-00289 – Intel® Trusted Execution Technology 2019.2 IPU Advisory
- Summary: A potential security vulnerability in some Intel® Processors may allow escalation of privilege and/or information disclosure. Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability
- Severity: HIGH
- CVEID: CVE-2019-11157
Description: Improper conditions check in voltage settings for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure via local access.
CVSS Base Score: 7.9 High
Intel-SA-00317 – Unexpected Page Fault in Virtualized Environment Advisory
- Summary: A potential security vulnerability in multiple Intel® processors may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.
- Severity: MEDIUM
- CVEID: CVE-2019-14607
Description: Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.
Security Advisories that don’t affect BIOS:
- Intel-SA-00230 – Intel® Dynamic Platform and Thermal Framework Advisory
- Intel-SA-00237 – Linux Administrative Tools for Intel Network Adapters
- Intel-SA-00253 – Intel® Ethernet I218 Adapter Driver Advisory
- Intel-SA-00284 – Intel® FPGA SDK for OpenCL™ Pro Edition
- Intel-SA-00299 – Intel® Control Center Advisory
- Intel-SA-00311 – Intel® Quartus® Prime Pro Edition Advisory
- Intel-SA-00312 – Intel® SCS Platform Discovery Utility Advisory
- Intel-SA-00323 – Intel® NUC® Firmware Advisory
- Intel-SA-00324 – Intel® RST Advisory