My Blog

Intel® Turbo Boost Max Technology 3.0 Advisory

Intel ID: INTEL-SA-00243
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: MEDIUM
Original release: 06/11/2019
Last revised: 06/11/2019

Summary:

A potential security vulnerability in the Intel® Turbo Boost Max Technology 3.0 driver may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation notice for the Intel® Turbo Boost Max Technology 3.0 driver.

Vulnerability Details:

CVEID: CVE-2019-0164

Description: Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel® Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before.

Recommendations:

Intel has issued a Product Discontinuation notice for the Intel® Turbo Boost Max Technology 3.0 driver and recommends that users of the Intel® Turbo Boost Max Technology 3.0 driver uninstall it or discontinue use at their earliest convenience.  This does not affect Intel® Turbo Boost Max Technology 3.0 functionality when used with in operating systems with native support (Windows 10 RS5 and later).

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 06/11/2019 Initial Release
my-tracker_cpteIntel® Turbo Boost Max Technology 3.0 Advisory