Intel Server Platform Services vulnerabilities

CVE-2023-29153 [MEDIUM] CWE-400 CVE-2023-29153: Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002. Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.

CVE-2022-36348 [HIGH] CVE-2022-36348: Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an a Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-36794 [MEDIUM] CWE-754 CVE-2022-36794: Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allo Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.

CVE-2021-0051 [MEDIUM] CWE-20 CVE-2021-0051: Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03 Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access.

CVE-2020-24509 [MEDIUM] CVE-2020-24509: Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.30 Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2020-8744 [HIGH] CWE-665 CVE-2020-8744: Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14 Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2020-8755 [MEDIUM] CWE-362 CVE-2020-8755: Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS vers Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVE-2020-8705 [MEDIUM] CWE-1188 CVE-2020-8705: Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthent

CVE-2020-0586 [HIGH] CWE-665 CVE-2020-0586: Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_ Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

CVE-2020-0545 [MEDIUM] CWE-190 CVE-2020-0545: Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Inte Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to po

CVE-2019-0090 [HIGH] CVE-2019-0090: Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0. Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVE-2019-0089 [MEDIUM] CWE-19 CVE-2019-0089: Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.0 Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.