Vulnerability Description
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Gm45 Chipset | All versions |
| Intel | Pm45 Express Chipset | All versions |
| Intel | Q35 Chipset | All versions |
| Intel | Q43 Express Chipset | All versions |
| Intel | Q45 Chipset | All versions |
Related Weaknesses (CWE)
References
- http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf
- http://osvdb.org/61248
- http://secunia.com/advisories/37900Vendor Advisory
- http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageidVendor Advisory
- http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html
- http://www.securityfocus.com/bid/37430
- http://www.securitytracker.com/id?1023382
- http://www.vupen.com/english/advisories/2009/3618Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54963
- http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf
- http://osvdb.org/61248
- http://secunia.com/advisories/37900Vendor Advisory
- http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageidVendor Advisory
- http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html
- http://www.securityfocus.com/bid/37430
FAQ
What is CVE-2009-4419?
CVE-2009-4419 is a vulnerability with a CVSS score of 7.2 (HIGH). Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and ...
How severe is CVE-2009-4419?
CVE-2009-4419 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4419?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Gm45 Chipset, Intel Pm45 Express Chipset, Intel Q35 Chipset, Intel Q43 Express Chipset, Intel Q45 Chipset.