Allele Security Alert
ASA-2019-00569
Identifier(s)
ASA-2019-00569, CVE-2019-14570, INTEL-SA-00296
Title
Memory corruption in system firmware
Vendor(s)
Intel
Product(s)
Intel NUC
Affected version(s)
Intel NUC 8 Mainstream Game Kit versions before INWHL357
Intel NUC 8 Mainstream Game Mini Computer versions before INWHL357
Intel NUC Board DE3815TYBE (H26998-500 & later) versions before TY0022
Intel NUC Board DE3815TYBE versions before TY0067
Intel NUC Kit DE3815TYKHE (H27002-500 & later) versions before TY0022
Intel NUC Kit DE3815TYKHE versions before TY0067
Intel NUC Kit DN2820FYKH versions before FY0069
Fixed version(s)
Intel NUC 8 Mainstream Game Kit version INWHL357
Intel NUC 8 Mainstream Game Mini Computer version INWHL357
Intel NUC Board DE3815TYBE (H26998-500 & later) version TY0022
Intel NUC Board DE3815TYBE version TY0067
Intel NUC Kit DE3815TYKHE (H27002-500 & later) version TY0022
Intel NUC Kit DE3815TYKHE version TY0067
Intel NUC Kit DN2820FYKH version FY0069
Proof of concept
Unknown
Description
Memory corruption in system firmware for Intel NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
Technical details
Unknown
Credits
Alexander Ermolov
Reference(s)
INTEL-SA-00296
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html
BIOS Update [INWHL357]
https://downloadcenter.intel.com/download/29066/BIOS-Update-INWHL357-
BIOS Update [TYBYT20H.86A]
https://downloadcenter.intel.com/download/28952
BIOS Update [TYBYT10H.86A]
https://downloadcenter.intel.com/download/29053/BIOS-Update-TYBYT10H-86A-
BIOS Update [FYBYT10H.86A]
https://downloadcenter.intel.com/download/28988/BIOS-Update-FYBYT10H-86A-
CVE-2019-14570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14570
CVE-2019-14570
https://nvd.nist.gov/vuln/detail/CVE-2019-14570
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 21, 2019