CVE-2008-7096 — Improper Handling of Overlap Between Protected Memory Ranges in Intel Bios

CWE-264 CWE-1260 — Improper Handling of Overlap Between Protected Memory Ranges3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 81.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Bios

Timeline

PublishedAug 27

Latest updateMay 17

Description

Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDintel/bios8 versions+7

Patches

Patch: security-center.intel.com ↗Patch: security-center.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-j6vc-v42r-phc6: Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local a↗2022-05-17

▶

📐Framework References

CWE

Improper Handling of Overlap Between Protected Memory Ranges↗

▶