Intel Patches Vulnerabilities In Four Different Products
ntel Patches Vulnerabilities With High-Severity Ratings
As disclosed by the vendors in their security advisories, Intel patches vulnerabilities in four different products this week.
The most serious security flaw among all four existed in Intel® Media SDK. Receiving a CVSS base score of 7.8, Intel marked this vulnerability (CVE-2018-18094) with high-severity. As described in their advisory, the flaw affected the Intel® Media SDK versions prior to 2018 R2.1. Upon exploit, this could allow privilege escalation to an authenticated attacker accessing locally.
Another high-severity flaw (CVE-2019-0163) that attained a CVSS base score of 7.5 existed in Intel NUC firmware. According to Intel’s advisory, an attacker gaining local access to the target system may gain multiple advantages by exploiting this flaw.
“Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.”
The vendors recommend the users to upgrade their Intel® Broadwell U i5 vPro firmware to the patched version MYBDWi5v.86A or later.
Two Other Less Serious Flaws Also Fixed
Apart from the above two vulnerabilities, Intel has also patched two relatively less severe flaws in other products.
One of these is a medium-severity flaw (CVE-2019-0158) in Intel® Graphics Performance Analyzer for Linux. The flaw affected the software versions 18.4 and earlier, allowing escalation of privilege to a local attacker. As mentioned in their advisory, this flaw has received a CVSS base score of 6.7. Intel recommends the users to upgrade to the patched 2019 R1 release.
The other flaw marks a low-severity vulnerability with a CVSS base score of 3.8 in some Intel microprocessors. Intel describes in its advisory that exploiting the flaw (CVE-2019-0162) could to disclosure of information.
“Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.”
To stay protected from potential exploits via this flaw, Intel advises the users to follow best practices. Intel, however, did not reveal any specific fix to mitigate this vulnerability.
In January as well, Intel patched numerous security flaws in different Intel products including three high-severity flaws.
Take your time to comment on this article.
Comments