CVE-2021-45970: Insyde's Security Pledge | Insyde Software

Common Vulnerabilities and Exposures (CVE)

CVSS v3 Vulnerability Severity

Description

Intel Security Advisory (SA)

Original Date

Last Revised

CVE-2019-0170

8.2

Buffer overflow in subsystem in Intel® Dynamic Application Loader before [12.0.35] may allow privileged user to potentially enable escalation of privilege via local access.

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0153

9.0

Buffer overflow in subsystem in Intel® CSME before 12.0.35 may allow unauthenticated user to potentially enable escalation of privilege via network access.

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0126

7.2

Insufficient access control in Silicon Reference firmware for Intel ® Xeon ® Scalable Processor, Intel ® Xeon ® Processor D Family may allow privileged user to potentially enable escalation of privilege or denial of service via local access

INTEL-SA-00223

05/14/2019

05/14/2019

CVE-2019-0120

5.3

Insufficient key protection vulnerability in Silicon Reference firmware for Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series, Intel® Celeron® J Series, Intel® Celeron® N Series, Intel® Atom® Processor A Series, Intel® Atom® Processor E3900 Series, Intel® Pentium® Processor Silver Series may allow privileged user to potentially enable denial of service via local access.

INTEL-SA-00223

05/14/2019

05/14/2019

CVE-2019-0119

5.7

Buffer overflow vulnerability in system firmware for Intel ® Xeon ® Processor D Family, Intel ® Xeon ® Scalable Processor, Intel® Server Board, Intel® Server System and Intel® Compute Module may allow privileged user to potentially enable escalation of privilege or denial of service via local access.

INTEL-SA-00223

05/14/2019

05/14/2019

CVE-2019-0098

5.7

Logic bug vulnerability in subsystem for Intel® CSME before version 12.0.35, Intel® TXE before 3.1.65, 4.0.15may allow unauthenticated user to potentially enable escalation of privilege via physical access.

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0097

4.9

Insufficient input validation vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before version 12.0.35 may allow privileged user to potentially enable denial of service via network access.

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0096

6.7

Out of bound write vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow authenticated user to potentially enable escalation of privilege via adjacent network access.

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0094

4.3

Insufficient input validation vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow unauthenticated user to potentially enable denial of service via adjacent network access

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0093

2.3

Insufficient data sanitization vulnerability in HECI subsystem for Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35, Intel® Server Platform Services before version SPS_E3_05.00.04.027.0 may allow privileged user to potentially enable information disclosure via local access

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0092

6.8

Insufficient input validation vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow unauthenticated user to potentially enable escalation of privilege via physical access

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0091

6.6

Code injection vulnerability in installer for Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel® TXE 3.1.65, 4.0.15 may allow unprivileged user to potentially enable escalation of privilege via local access.

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0086

7.8

Insufficient access control vulnerability in Dynamic Application Loader software for Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel® TXE 3.1.65, 4.0.15 may allow unprivileged user to potentially enable escalation of privilege via local access

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0090

7.1

Insufficient access control vulnerability in subsystem for Intel® CSME before version 12.0.35, Intel® Server Platform Services before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access

INTEL-SA-00213

05/14/2019

04/14/2020

CVE-2019-0089

8.1

Improper data sanitization vulnerability in subsystem in Intel® Server Platform Services before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow privileged user to potentially enable escalation of privilege via local access

INTEL-SA-00213

05/14/2019

04/14/2020

N/A

4.3

Type confusion in HECI service for Intel® Server Platform Services Tools may allow authenticated user to potentially enable escalation of privilege via local access.

N/A

03/04/2019

-

CVE-2018-11091

3.8

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access

INTEL-SA-00233

05/14/2019

07/14/2020

CVE-2018-12130

6.5

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

INTEL-SA-00233

05/14/2019

07/14/2020

CVE-2018-12127

6.5

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

INTEL-SA-00233

05/14/2019

07/14/2020