ASA-2019-00327 – Intel NUC: Out-of-bounds read/write in system firmware


Allele Security Alert

ASA-2019-00327

Identifier(s)

ASA-2019-00327, CVE-2019-11124, INTEL-SA-00264

Title

Out-of-bounds read/write in system firmware

Vendor(s)

Intel

Product(s)

Intel® NUC
Intel® Compute Card
Intel® Compute Stick

Affected version(s)

Intel® NUC Kit NUC8i3BEx before BIOS version 0071
Intel® NUC Kit NUC8i5BEx before BIOS version 0071
Intel® NUC Kit NUC8i7BEx before BIOS version 0071
Intel® Compute Card CD1P64GK before BIOS version 0050
Intel® Compute Card CD1C64GK before BIOS version 0050
Intel® NUC Kit NUC8i3CYx before BIOS version 0040
Intel® NUC Kit NUC8i7HNK before BIOS version 0054
Intel® NUC Kit NUC8i7HVK before BIOS version 0054
Intel® NUC Kit NUC7i7DNx before BIOS version 0063
Intel® NUC Kit NUC7i5DNx before BIOS version 0063
Intel® NUC Kit NUC7i3DNx before BIOS version 0063
Intel® Compute Stick STK2MV64CC before BIOS version 0060
Intel® Compute Stick STK2M3W64CC before BIOS version 0060
Intel® Compute Stick STK2M364CC before BIOS version 0060
Intel® NUC Kit NUC6i7KYk before BIOS version 0062
Intel® NUC Kit NUC7PJY before BIOS version 0039
Intel® NUC Kit NUC7CJY before BIOS version 0049
Intel® NUC KitNUC6CAYx before BIOS version 0060
Intel® NUC Kit DE3815TYB before BIOS version 0020
Intel® NUC Kit DE3815TYB before BIOS version 0065
Intel® NUC Kit NUC5CPYH before BIOS version 0076
Intel® NUC Kit NUC5PPYH before BIOS version 0076
Intel® NUC Kit NUC5PGYH before BIOS version 0076
Intel® NUC Kit NUC5i7RYx before BIOS version 0379
Intel® NUC Kit NUC5i3RYx before BIOS version 0379
Intel® NUC Kit NUC5i5RYx before BIOS version 0379
Intel® NUC Kit NUC5i5MYx before BIOS version 0051
Intel® NUC Kit NUC5i3MYx before BIOS version 0054
Intel® NUC Kit DN2820FYKH before BIOS version 0067
Intel® Compute Stick STCK1A32WFC before BIOS version 0039
Intel® Compute Stick STCK1A8LFC before BIOS version 0039
Intel® Compute Card CD1M3128MK before BIOS version 0056
Intel® Compute Card CD1IV128MK before BIOS version 0036
Intel® NUC Kit NUC7i3BNx before BIOS version 0079
Intel® NUC Kit NUC7i5BNx before BIOS version 0079
Intel® NUC Kit NUC7i7BNx before BIOS version 0079
Intel® NUC Kit NUC6i3SYx before BIOS version 0070
Intel® NUC Kit NUC6i5SYx before BIOS version 0070
Intel® NUC Kit D54250WYx before BIOS version 0051
Intel® NUC Kit D34010WYx before BIOS version 0051

Fixed version(s)

Intel® NUC Kit NUC8i3BEx BIOS version 0071
Intel® NUC Kit NUC8i5BEx BIOS version 0071
Intel® NUC Kit NUC8i7BEx BIOS version 0071
Intel® Compute Card CD1P64GK BIOS version 0050
Intel® Compute Card CD1C64GK BIOS version 0050
Intel® NUC Kit NUC8i3CYx BIOS version 0040
Intel® NUC Kit NUC8i7HNK BIOS version 0054
Intel® NUC Kit NUC8i7HVK BIOS version 0054
Intel® NUC Kit NUC7i7DNx BIOS version 0063
Intel® NUC Kit NUC7i5DNx BIOS version 0063
Intel® NUC Kit NUC7i3DNx BIOS version 0063
Intel® Compute Stick STK2MV64CC BIOS version 0060
Intel® Compute Stick STK2M3W64CC BIOS version 0060
Intel® Compute Stick STK2M364CC BIOS version 0060
Intel® NUC Kit NUC6i7KYk BIOS version 0062
Intel® NUC Kit NUC7PJY BIOS version 0039
Intel® NUC Kit NUC7CJY BIOS version 0049
Intel® NUC KitNUC6CAYx BIOS version 0060
Intel® NUC Kit DE3815TYB BIOS version 0020
Intel® NUC Kit DE3815TYB BIOS version 0065
Intel® NUC Kit NUC5CPYH BIOS version 0076
Intel® NUC Kit NUC5PPYH BIOS version 0076
Intel® NUC Kit NUC5PGYH BIOS version 0076
Intel® NUC Kit NUC5i7RYx BIOS version 0379
Intel® NUC Kit NUC5i3RYx BIOS version 0379
Intel® NUC Kit NUC5i5RYx BIOS version 0379
Intel® NUC Kit NUC5i5MYx BIOS version 0051
Intel® NUC Kit NUC5i3MYx BIOS version 0054
Intel® NUC Kit DN2820FYKH BIOS version 0067
Intel® Compute Stick STCK1A32WFC BIOS version 0039
Intel® Compute Stick STCK1A8LFC BIOS version 0039
Intel® Compute Card CD1M3128MK BIOS version 0056
Intel® Compute Card CD1IV128MK BIOS version 0036
Intel® NUC Kit NUC7i3BNx BIOS version 0079
Intel® NUC Kit NUC7i5BNx BIOS version 0079
Intel® NUC Kit NUC7i7BNx BIOS version 0079
Intel® NUC Kit NUC6i3SYx BIOS version 0070
Intel® NUC Kit NUC6i5SYx BIOS version 0070
Intel® NUC Kit D54250WYx BIOS version 0051
Intel® NUC Kit D34010WYx BIOS version 0051

Proof of concept

Unknown

Description

Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Technical details

Unknown

Credits

Alexander Ermolov

Reference(s)

Intel® NUC Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html

CVE-2019-11124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11124

CVE-2019-11124
https://nvd.nist.gov/vuln/detail/CVE-2019-11124

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 11, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.