Intel Releases 29 Advisories to Describe 73 Vulnerabilities Affecting Its Products
Intel this week announced the availability of patches for 73 vulnerabilities identified across multiple products, including several high-severity flaws that can be exploited to escalate privileges.
According to Intel, more than half of the bugs were discovered internally and 40% were reported through its bug bounty program.
The newly addressed issues represent more than half of the 132 potential vulnerabilities the company patched since the beginning of 2021 — 56 of them in graphics, networking, and Bluetooth components.
The most severe of the newly addressed flaws is a high-severity incomplete cleanup issue (CVE-2021-24489) in Intel VT-d products that could allow an authenticated user to enable escalation of privilege via local access.
Intel’s 10th and 11th Gen Core Processors, along with multiple Pentium, Celeron, Atom, and Core processor series are affected by the vulnerability. Users of VT-d should update to the latest version provided by their system manufacturers.
Two high-severity vulnerabilities were patched in NUC firmware, both leading to escalation of privilege via local access. Tracked as CVE-2021-0067 and CVE-2021-0054, these flaws could be exploited by privileged users, Intel says.
Numerous NUC products are affected by these security holes and the tech giant recommends that users update the BIOS version of their products to a release that addresses the bugs.
Intel on Tuesday announced patches for a total of four vulnerabilities in the Intel Security Library, but only one of them — CVE-2021-0133 — has been rated high severity (CVSS score of 7.7) and could potentially enable escalation of privilege via network access.
The remaining three issues, all medium risk, could be exploited from the network to cause a denial of service (DoS) condition or potentially leak sensitive information.
The bugs impact 1st to 3rd generation Xeon Scalable processors and Xeon W processor 3200 and 3100 series. Security Library versions 3.3 or later contain patches for these vulnerabilities.
A total of three flaws were patched in Driver and Support Assistant (DSA) this week, two high severity and one medium severity. All three may allow an authenticated user to escalate privileges and were addressed in DSA version 22.214.171.124.
Two other high-severity security holes were patched in the BMC firmware (before EFI BIOS 7215, BMC 8100.01.08) for Server Board M10JNP2SB, both leading to escalation of privilege via adjacent access. Two other medium-severity bugs could be abused for denial of service.
High-severity flaws leading to escalation of privilege were addressed in the BIOS firmware of some Intel processors, in RealSense ID, and FPGA OPAE Driver for Linux. Four high-severity bugs patched in Thunderbolt controllers may lead to denial of service.
Intel also released patches for tens of medium- and low-severity vulnerabilities in Brand Verification Tool, Rapid Storage Technology software, Optane DC Persistent Memory for Windows, SSD Data Center Tool, Computing Improvement Program, VTune Profiler, BlueZ, and various other products.
Details on all of the addressed vulnerabilities can be found on Intel’s security portal.