Details of VAR-201912-0875

ID

VAR-201912-0875

CVE

CVE-2019-14604

TITLE

Intel(R) Quartus(R) Prime Pro Edition In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013404

DESCRIPTION

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access. Intel Quartus Prime Pro is a multi-platform design environment developed by Intel Corporation. This product is mainly used for programmable logic device programming. A code issue vulnerability exists in the FPGA kernel driver in versions prior to Intel Quartus Prime Pro 19.3. A local attacker could exploit this vulnerability to cause a denial of service

Trust: 1.71

sources: NVD: CVE-2019-14604 // JVNDB: JVNDB-2019-013404 // VULHUB: VHN-146567

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime	scope:	lt	version:	19.3	Trust: 1.0
vendor:	intel	model:	quartus prime	scope:	lt	version:	pro 19.3	Trust: 0.8
vendor:	intel	model:	quartus prime	scope:	eq	version:	19.2	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	15.1	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	16.0	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	19.1	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	17.0	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	18.0	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	16.1	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	17.1	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	15.0	Trust: 0.6
vendor:	intel	model:	quartus prime	scope:	eq	version:	18.1	Trust: 0.6

sources: JVNDB: JVNDB-2019-013404 // CNNVD: CNNVD-201912-574 // NVD: CVE-2019-14604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14604
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-14604
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201912-574
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-146567
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-14604
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-146567
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14604
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14604
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-146567 // JVNDB: JVNDB-2019-013404 // CNNVD: CNNVD-201912-574 // NVD: CVE-2019-14604

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.9

sources: VULHUB: VHN-146567 // JVNDB: JVNDB-2019-013404 // NVD: CVE-2019-14604

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-574

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-574

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013404

PATCH

title:	INTEL-SA-00311	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00311.html	Trust: 0.8
title:	Intel Quartus Prime Pro Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105389	Trust: 0.6

sources: JVNDB: JVNDB-2019-013404 // CNNVD: CNNVD-201912-574

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14604	Trust: 2.5
db:	JVN	id:	JVNVU93632155	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013404	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-574	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4654	Trust: 0.6
db:	CNVD	id:	CNVD-2020-14845	Trust: 0.1
db:	VULHUB	id:	VHN-146567	Trust: 0.1

sources: VULHUB: VHN-146567 // JVNDB: JVNDB-2019-013404 // CNNVD: CNNVD-201912-574 // NVD: CVE-2019-14604

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00311.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14604	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14604	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93632155/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.4654/	Trust: 0.6

sources: VULHUB: VHN-146567 // JVNDB: JVNDB-2019-013404 // CNNVD: CNNVD-201912-574 // NVD: CVE-2019-14604

SOURCES

db:	VULHUB	id:	VHN-146567
db:	JVNDB	id:	JVNDB-2019-013404
db:	CNNVD	id:	CNNVD-201912-574
db:	NVD	id:	CVE-2019-14604

LAST UPDATE DATE

2024-11-23T19:37:52.122000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146567	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013404	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-574	date:	2019-12-30T00:00:00
db:	NVD	id:	CVE-2019-14604	date:	2024-11-21T04:27:00.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146567	date:	2019-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-013404	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-574	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-14604	date:	2019-12-16T20:15:15.023