CVE-2020-12303

HIGH

Intel Converged Security and Manageability Engine < 11.8.80 - Authenticated Use-After-Free in DAL Subsystem

Title source: llm

Description

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20201113-0005/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20201113-0002/

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 20.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (3)

intel/converged_security_and_manageability_engine < 11.8.80

intel/trusted_execution_technology 3.1.80

intel/trusted_execution_technology 4.0.30

Published Nov 12, 2020

Tracked Since Feb 18, 2026