cnvd - cnvd-2020-47567

CNVD-2020-47567

Vulnerability from cnvd - Published: 2020-08-22

Title

Intel PAC with Arria 10 GX FPGA权限提升漏洞

Description

Intel PAC with Arria 10 GX FPGA和Intel Acceleration Stack都是美国英特尔（Intel）公司的产品。Intel PAC with Arria 10 GX FPGA是一款采用英特尔Arria 10 GX FPGA（现场可编程门阵列）的可编程加速卡。Intel Acceleration Stack是一款加速堆栈，它包含一系列软件、固件和工具，可帮助开发和部署英特尔FPGA。 Intel PAC with Arria 10 GX FPGA（Acceleration Stack）中存在安全漏洞，该漏洞源于错误的访问控制。本地攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

Intel PAC with Arria 10 GX FPGA权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00375.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8684

Impacted products

Name
Intel PAC with Arria 10 GX FPGA

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8684",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-8684"
    }
  },
  "description": "Intel PAC with Arria 10 GX FPGA\u548cIntel Acceleration Stack\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel PAC with Arria 10 GX FPGA\u662f\u4e00\u6b3e\u91c7\u7528\u82f1\u7279\u5c14Arria 10 GX FPGA\uff08\u73b0\u573a\u53ef\u7f16\u7a0b\u95e8\u9635\u5217\uff09\u7684\u53ef\u7f16\u7a0b\u52a0\u901f\u5361\u3002Intel Acceleration Stack\u662f\u4e00\u6b3e\u52a0\u901f\u5806\u6808\uff0c\u5b83\u5305\u542b\u4e00\u7cfb\u5217\u8f6f\u4ef6\u3001\u56fa\u4ef6\u548c\u5de5\u5177\uff0c\u53ef\u5e2e\u52a9\u5f00\u53d1\u548c\u90e8\u7f72\u82f1\u7279\u5c14FPGA\u3002\n\nIntel PAC with Arria 10 GX FPGA\uff08Acceleration Stack\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00375.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-47567",
  "openTime": "2020-08-22",
  "patchDescription": "Intel PAC with Arria 10 GX FPGA\u548cIntel Acceleration Stack\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel PAC with Arria 10 GX FPGA\u662f\u4e00\u6b3e\u91c7\u7528\u82f1\u7279\u5c14Arria 10 GX FPGA\uff08\u73b0\u573a\u53ef\u7f16\u7a0b\u95e8\u9635\u5217\uff09\u7684\u53ef\u7f16\u7a0b\u52a0\u901f\u5361\u3002Intel Acceleration Stack\u662f\u4e00\u6b3e\u52a0\u901f\u5806\u6808\uff0c\u5b83\u5305\u542b\u4e00\u7cfb\u5217\u8f6f\u4ef6\u3001\u56fa\u4ef6\u548c\u5de5\u5177\uff0c\u53ef\u5e2e\u52a9\u5f00\u53d1\u548c\u90e8\u7f72\u82f1\u7279\u5c14FPGA\u3002\r\n\r\nIntel PAC with Arria 10 GX FPGA\uff08Acceleration Stack\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel PAC with Arria 10 GX FPGA\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel PAC with Arria 10 GX FPGA"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8684",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-17",
  "title": "Intel PAC with Arria 10 GX FPGA\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2020-8684 (GCVE-0-2020-8684)

Vulnerability from cvelistv5 – Published: 2020-08-13 03:16 – Updated: 2024-08-04 10:03

Summary

Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access.

Severity ?

No CVSS data available.

CWE

Escalation of Privilege

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) PAC with Arria(R) 10 GX FPGA Advisory	Affected: Before version 1.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00375.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) PAC with Arria(R) 10 GX FPGA Advisory",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Before version 1.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-13T03:16:58",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00375.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-8684",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) PAC with Arria(R) 10 GX FPGA Advisory",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Before version 1.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00375.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00375.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-8684",
    "datePublished": "2020-08-13T03:16:58",
    "dateReserved": "2020-02-06T00:00:00",
    "dateUpdated": "2024-08-04T10:03:46.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-47567

CVE-2020-8684 (GCVE-0-2020-8684)

Tags

Sightings

Nomenclature