Intel ID: INTEL-SA-00160
Product family: 4th Gen Intel® Core™ Processor (Haswell), 5th Gen Intel® Core™ Processor (Broadwell), 6th Gen Intel® Core™ Processor (Skylake), and 7th Gen Intel® Core™ Processor (Kaby Lake)
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: 07/10/2018
Last revised: 07/10/2018

Summary:
Intel is releasing patches to mitigate security vulnerability CVE-2017-5704

Description:
Platform sample code firmware included with 4th Gen Intel® Core™ Processor (Haswell), 5th Gen Intel® Core™ Processor (Broadwell), 6th Gen Intel® Core™ Processor (Skylake), and 7th Gen Intel® Core™ Processor (Kaby Lake) potentially exposes password information in memory to a local attacker with administrative privileges.

• High 7.2 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected products:
Platform sample code for the following processor generations:
• 4th Gen Intel® Core™ Processor (Haswell)
• 5th Gen Intel® Core™ Processor (Broadwell)
• 6th Gen Intel® Core™ Processor (Skylake)
• 7th Gen Intel® Core™ Processor (Kaby Lake)

Recommendations:
Intel has released updated firmware to address these issues and recommends that end-users contact their system manufacturers for updated system firmware.

Revision History

Revision Date Description
1.0 07/10/2018 Initial Release

CVE Name: CVE-2017-5704


Source: INTEL-SA-00160