CVE-2018-12203
Publication date 14 March 2019
Last updated 24 July 2024
Ubuntu priority
Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| intel-microcode | ||
| 18.04 LTS bionic |
Fixed 3.20190514.0ubuntu0.18.04.2
|
|
| 16.04 LTS xenial |
Fixed 3.20190514.0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 3.20190514.0ubuntu0.14.04.1
|
Notes
sbeattie
it is unclear whether this issue is addressed in cpu microcode or in other firmware, but if it is in cpu microcode, subsequent updates have addressed the issue.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.7 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |