
Potential Security Vulnerability in Some Intel Thunderbolt Controllers

May allow information disclosure, company releasing prescriptive guidance.

From Intel Corp.

Intel ID: INTEL-SA-00411

Advisory Category: Firmware

Impact of vulnerability: Information Disclosure

Severity rating: MEDIUM

Original release: 08/11/2020

Last revised: 08/11/2020

Summary:
A potential security vulnerability in some Intel Thunderbolt controllers may allow information disclosure. Intel is releasing prescriptive guidance to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-14630

Description: Reliance on untrusted inputs in a security decision in some Intel Thunderbolt controllers may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 4.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:

  • Thunderbolt 1: Intel DSL3310, DSL3510, DSL4510, and DSL4410.

  • Thunderbolt 2: Intel DSL5520 and DSL5320.

  • Thunderbolt 3: Intel DSL6540, DSL6340, JHL6540, JHL6340, JHL6240, JHL7540, and JHL7340.

Recommendations:
Intel recommends enabling Intel VT-d based DMA protection to mitigate this potential vulnerability for Intel® Thunderbolt 3 controllers.

For a complete Intel VT-d based DMA protection solution, the company recommends the following:

  1. UEFI Secure Boot feature enabled.

  2. Pre-boot Intel VT-d based DMA protection enabled in UEFI.

  3. BIOS Setup Menu protected by password.

  4. Intel VT-d based DMA Protection enabled in the OS.

  5. Storage drive encryption enabled.

  6. An OS or software capability to notify the user if these protections are disabled.

For an overview of how Intel VT-d is used for Thunderbolt security, refer to this link.

For Windows (*): link

For other operating systems, refer to vendor documentation for enabling Kernel DMA protection.

For systems that do not implement Intel VT-d based DMA protection, Intel recommends following good security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.
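
As an illustration of item 6 on a Linux host, the following added example (not part of Intel's advisory) reports when Secure Boot, an active IOMMU, or Thunderbolt IOMMU DMA protection is not visible to the OS. The sysfs and efivarfs paths are Linux kernel interfaces assumed here, the `root` parameter is a hypothetical hook for testing, and the BIOS password, pre-boot DMA protection and drive encryption items are not checked.

```python
#!/usr/bin/env python3
"""Added example: warn when protections from the checklist above look disabled on Linux."""
import glob
import os
import sys

# SecureBoot variable as exposed by efivarfs (EFI global-variable GUID).
SECUREBOOT_VAR = "sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def secure_boot_enabled(root="/"):
    """efivarfs files hold 4 attribute bytes, then the value; a value of 1 means enabled."""
    try:
        with open(os.path.join(root, SECUREBOOT_VAR), "rb") as f:
            data = f.read()
    except OSError:
        return False  # legacy BIOS boot or unreadable variable: treat as not enabled
    return len(data) >= 5 and data[4] == 1


def iommu_active(root="/"):
    """The kernel lists each active IOMMU unit here (dmar0, ... for Intel VT-d)."""
    return bool(glob.glob(os.path.join(root, "sys/class/iommu/*")))


def thunderbolt_dma_protection(root="/"):
    """Map each Thunderbolt domain to its iommu_dma_protection flag (True when '1')."""
    result = {}
    pattern = os.path.join(root, "sys/bus/thunderbolt/devices/domain*/iommu_dma_protection")
    for path in sorted(glob.glob(pattern)):
        with open(path) as f:
            result[os.path.basename(os.path.dirname(path))] = f.read().strip() == "1"
    return result


def audit(root="/"):
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    if not secure_boot_enabled(root):
        findings.append("UEFI Secure Boot is not enabled")
    if not iommu_active(root):
        findings.append("no active IOMMU (VT-d off in firmware or kernel)")
    for domain, ok in thunderbolt_dma_protection(root).items():
        if not ok:
            findings.append(f"{domain}: Thunderbolt IOMMU DMA protection is off")
    return findings


if __name__ == "__main__":
    problems = audit()
    for p in problems:
        print("WARNING:", p)
    sys.exit(1 if problems else 0)
```

Run from a login script or timer, a non-zero exit status can drive the user notification; a host with no Thunderbolt domains simply produces no per-domain findings.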

Acknowledgements:
Intel would like to thank Theo Markettos, Colin Rothwell, Allison Pearce, Simon W. Moore and Robert N.M. Watson from University of Cambridge, Brett F. Gutstein from University of Cambridge/Rice University and Peter G. Neumann from SRI International for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History:

Revision: 1.0

Date: 08/11/2020

Description: Initial Release

(*) Other names and brands may be claimed as the property of others.

 
