CVE-2019-10636

Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism.

CVSS v3 4.6 MEDIUM
CVSS v2.0 4.9 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
https://www.marvell.com/documents/x9g4hrszt5ls3udbe1eo/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:marvell:88ss1074_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1074:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:marvell:88ss1079_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1079:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:marvell:88ss1080_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1080:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:marvell:88ss1093_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1093:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:marvell:88ss1092_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1092:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:marvell:88ss1095_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1095:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:marvell:88ss9174_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss9174:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:marvell:88ss9175_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss9175:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:marvell:88ss9187_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss9187:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:marvell:88ss9188_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss9188:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:marvell:88ss9189_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss9189:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:marvell:88ss9190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss9190:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:marvell:88ss1085_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1085:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:marvell:88ss1087_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1087:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:marvell:88ss1090_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1090:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:marvell:88ss1100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1100:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:marvell:88ss1084_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1084:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:marvell:88ss1088_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1088:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:marvell:88ss1098_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:marvell:88ss1098:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-04 21:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-10636

Mitre link : CVE-2019-10636

CVE.ORG link : CVE-2019-10636

JSON object : View

Products Affected

marvell

88ss9190
88ss9187
88ss1085
88ss9189
88ss1095
88ss9174
88ss1087_firmware
88ss9188
88ss1087
88ss9174_firmware
88ss1084
88ss1090_firmware
88ss1093
88ss1080_firmware
88ss9189_firmware
88ss1095_firmware
88ss9175_firmware
88ss1092
88ss1080
88ss1092_firmware
88ss9190_firmware
88ss1100
88ss1074
88ss1088
88ss1088_firmware
88ss1074_firmware
88ss1079_firmware
88ss1084_firmware
88ss9187_firmware
88ss1079
88ss1085_firmware
88ss1090
88ss1098_firmware
88ss1098
88ss9188_firmware
88ss1100_firmware
88ss9175
88ss1093_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

4.6 /10

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-10636

4.6^/10

4.9^/10

Attach tags to `CVE-2019-10636`