Description
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.
References (9)
Core 9
Core References
Various Sources x_refsource_misc
http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf
Various Sources x_refsource_misc
http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html
Vendor Advisory x_refsource_confirm
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-fr
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1023382
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37430
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/61248
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3618
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37900
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54963
Scores
EPSS
0.0006
EPSS Percentile
17.3%
Details
CWE
CWE-16
Status
published
Products (5)
intel/gm45_chipset
intel/pm45_express_chipset
intel/q35_chipset
intel/q43_express_chipset
intel/q45_chipset
Published
Dec 24, 2009
Tracked Since
Feb 18, 2026