CVE-2018-12207 — MEDIUM (6.5)

Vulnerability Description

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Intel	Core I3-10110U Firmware	-
Intel	Core I3-10110U	-
Intel	Core I3-10110Y Firmware	-
Intel	Core I3-10110Y	-
Intel	Core I3-1005G1 Firmware	-
Intel	Core I3-1005G1	-
Intel	Core I3-9300T Firmware	-
Intel	Core I3-9300T	-
Intel	Core I3-9300 Firmware	-
Intel	Core I3-9300	-
Intel	Core I3-9100 Firmware	-
Intel	Core I3-9100	-
Intel	Core I3-9100T Firmware	-
Intel	Core I3-9100T	-
Intel	Core I3-9350K Firmware	-
Intel	Core I3-9350K	-
Intel	Core I3-9320 Firmware	-
Intel	Core I3-9320	-
Intel	Core I3-8145U Firmware	-
Intel	Core I3-8145U	-

Related Weaknesses (CWE)

CWE-20

References

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:3916Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3936Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3941Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0026Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0028Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://seclists.org/bugtraq/2020/Jan/21Mailing ListThird Party Advisory
https://security.gentoo.org/glsa/202003-56Third Party Advisory
https://support.f5.com/csp/article/K17269881?utm_source=f5support&amp%3Butm_medi
https://usn.ubuntu.com/4186-2/Third Party Advisory
https://www.debian.org/security/2020/dsa-4602Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.Vendor Advisory

FAQ

What is CVE-2018-12207?

CVE-2018-12207 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host sy...

How severe is CVE-2018-12207?

CVE-2018-12207 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-12207?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Core I3-10110U Firmware, Intel Core I3-10110U, Intel Core I3-10110Y Firmware, Intel Core I3-10110Y, Intel Core I3-1005G1 Firmware.