VAR-201501-0762
Vulnerability from variot - Updated: 2024-04-19 22:57BIOS As a locking mechanism BIOS_CNTL.BIOSWE When BIOS_CNTL.BLE Use only Intel Corporation Made chipset has a competitive vulnerability (CWE-362) Exists. CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') http://cwe.mitre.org/data/definitions/362.html MITRE of Corey Kallenberg He says: * "When the BIOS_CNTL.BIOSWE bit is set to 1, the BIOS is made writable. Also contained with the BIOS_CNTL register is the BIOS_CNTL.BLE ("BIOS Lock Enable"). When BIOS_CNTL.BLE is set to 1, attempts to write enable the BIOS by setting BIOS_CNTL.BIOSWE to 1 will immediately generate a System Management Interrupt (SMI). It is the job of this SMI to determine whether or not it is permissible to write enable to the BIOS, and if not, immediately set BIOS_CNTL.BIOSWE back to 0; the end result being that the BIOS is not writable." This vulnerability BIOS_CNTL.BIOSWE But 1 Is set to SMI By 0 Until it is returned to BIOS Allows writing to.A user with physical access to the system may be able to write malicious code into the firmware. Also, SPI Flash UEFI Variable Area is write protected BIOS_CNTL.BIOSLE If you are only using UEFI Secure Boot May be bypassed. In addition, the firmware may be destroyed or the system may be halted. Intel is the world's largest manufacturer of personal computer parts and CPUs. Intel Chipsets are prone to a local race-condition security-bypass vulnerability. Local attackers can exploit this issue to perform certain unauthorized actions with elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0762",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "chipsets",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "chipset c200 series",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "chipset series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"db": "BID",
"id": "71869"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corey Kallenberg and Rafal Wojtczuk",
"sources": [
{
"db": "BID",
"id": "71869"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-001001",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2015-00288",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2015-001001",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00288",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIOS As a locking mechanism BIOS_CNTL.BIOSWE When BIOS_CNTL.BLE Use only Intel Corporation Made chipset has a competitive vulnerability (CWE-362) Exists. CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) http://cwe.mitre.org/data/definitions/362.html MITRE of Corey Kallenberg He says: * \"When the BIOS_CNTL.BIOSWE bit is set to 1, the BIOS is made writable. Also contained with the BIOS_CNTL register is the BIOS_CNTL.BLE (\"BIOS Lock Enable\"). When BIOS_CNTL.BLE is set to 1, attempts to write enable the BIOS by setting BIOS_CNTL.BIOSWE to 1 will immediately generate a System Management Interrupt (SMI). It is the job of this SMI to determine whether or not it is permissible to write enable to the BIOS, and if not, immediately set BIOS_CNTL.BIOSWE back to 0; the end result being that the BIOS is not writable.\" This vulnerability BIOS_CNTL.BIOSWE But 1 Is set to SMI By 0 Until it is returned to BIOS Allows writing to.A user with physical access to the system may be able to write malicious code into the firmware. Also, SPI Flash UEFI Variable Area is write protected BIOS_CNTL.BIOSLE If you are only using UEFI Secure Boot May be bypassed. In addition, the firmware may be destroyed or the system may be halted. Intel is the world\u0027s largest manufacturer of personal computer parts and CPUs. Intel Chipsets are prone to a local race-condition security-bypass vulnerability. \nLocal attackers can exploit this issue to perform certain unauthorized actions with elevated privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
},
{
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"db": "BID",
"id": "71869"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8273",
"trust": 2.3
},
{
"db": "CERT/CC",
"id": "VU#766164",
"trust": 1.7
},
{
"db": "BID",
"id": "71869",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU96159942",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001001",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-00288",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-119",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"db": "BID",
"id": "71869"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
]
},
"id": "VAR-201501-0762",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
}
]
},
"last_update_date": "2024-04-19T22:57:38.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Intel 6 Series Chipset/Intel C200 Series Chipset: Datasheet",
"trust": 0.8,
"url": "http://www.intel.com/content/www/us/en/chipsets/6-chipset-c200-chipset-datasheet.html"
},
{
"title": "Intel 8 Series/C220 Series Chipset Family Platform Controller Hub (PCH)",
"trust": 0.8,
"url": "http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/8-series-chipset-pch-datasheet.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "http://www.kb.cert.org/vuls/id/766164"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8273"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96159942/index.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71869"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/chipsets/6-chipset-c200-chipset-datasheet.html"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/766164 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"db": "BID",
"id": "71869"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"db": "BID",
"id": "71869"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"date": "2015-01-05T00:00:00",
"db": "BID",
"id": "71869"
},
{
"date": "2015-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001001"
},
{
"date": "2015-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"date": "2015-01-05T00:00:00",
"db": "BID",
"id": "71869"
},
{
"date": "2015-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001001"
},
{
"date": "2015-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "71869"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Chipsets Local Competitive Condition Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00288"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-119"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Race Condition Error",
"sources": [
{
"db": "BID",
"id": "71869"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…