Out-of-Bounds Affecting intel-microcode package, versions <3.20190514.0ubuntu0.16.04.1


Severity

Recommended
0.0
medium
0
10

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.08% (36th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1604-INTELMICROCODE-346711
  • published14 Mar 2019
  • disclosed14 Mar 2019

Introduced: 14 Mar 2019

CVE-2018-12201  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade Ubuntu:16.04 intel-microcode to version 3.20190514.0ubuntu0.16.04.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream intel-microcode package and not the intel-microcode package as distributed by Ubuntu. See How to fix? for Ubuntu:16.04 relevant fixed versions and status.

Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access.