My Blog

Intel® Processor Diagnostic Tool Advisory

Intel ID: INTEL-SA-00268
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
Severity rating: HIGH
Original release: 07/09/2019
Last revised: 07/09/2019

Summary:

A potential security vulnerability in the Intel® Processor Diagnostic Tool may allow escalation of privilege, denial of service, or information disclosure.  Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-11133

Description: Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected Products:

Intel® Processor Diagnostic Tool for 32-bit before version 4.1.2.24_32bit.

Intel® Processor Diagnostic Tool for 64-bit before version 4.1.2.24_64bit.

Recommendations:

Intel recommends that users of Intel® Processor Diagnostic Tool update to version 4.1.2.24 or later.

Updates are available for download at this location:

https://downloadcenter.intel.com/download/19792/Intel-Processor-Diagnostic-Tool

Acknowledgements:

Intel would like to thank Jesse Michael from Eclypsium for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 07/09/2019 Initial Release
my-tracker_cpteIntel® Processor Diagnostic Tool Advisory