CVE Vulnerability

CVE-2008-7096

Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html
http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html
http://www.securityfocus.com/bid/30823
http://osvdb.org/49901
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr Patch Vendor Advisory
http://invisiblethingslab.com/bh08/part2-full.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44676
Configurations

Configuration 1

cpe:2.3:h:intel:bios:dq35mp:*:*:*:*:*:*:*
cpe:2.3:h:intel:bios:dq35jo:*:*:*:*:*:*:*
cpe:2.3:h:intel:bios:dg33tl:*:*:*:*:*:*:*
cpe:2.3:h:intel:bios:dg33bu:*:*:*:*:*:*:*
cpe:2.3:h:intel:bios:dx38bt:*:*:*:*:*:*:*
cpe:2.3:h:intel:bios:dp35dp:*:*:*:*:*:*:*
cpe:2.3:h:intel:bios:dg33fb:*:*:*:*:*:*:*
cpe:2.3:h:intel:bios:mgm965tw:*:*:*:*:*:*:*
Information

Published : 2009-08-27 08:30

Updated : 2017-08-17 01:29

NVD link : CVE-2008-7096

Mitre link : CVE-2008-7096

Products Affected

Intel

CWE
CWE-1260

Improper Handling of Overlap Between Protected Memory Ranges