Intel patches 15 vulnerabilities affecting software, firmware

Home - news - Intel patches 15 vulnerabilities affecting software, firmware
LAS VEGAS - JANUARY 07:  Intel President and CEO Paul Otellini delivers a keynote address during the 2010 International Consumer Electronics Show at the Las Vegas Hilton January 7, 2010 in Las Vegas, Nevada. CES, the world's largest annual consumer technology tradeshow, runs through January 10. The gadget show is expected to feature 2,500 exhibitors showing off their latest products and services to about 110,000 attendees.  (Photo by Justin Sullivan/Getty Images)

Intel patches 15 vulnerabilities affecting software, firmware

Intel on Tuesday distributed 11 new security advisories, disclosing 16 total vulnerabilities that affect various software or firmware products.

None of the bugs was deemed critical, but there were seven high-level issues, including an escalation of privilege in Linux Administrative Tools for Intel Network Adapters. Carrying a CVSS base score of 8.2 (the highest among this month’s Intel’s vulnerabilities), the flaw, designated CVE-2019-0159, is caused by insufficient memory protection in versions prior to 24.3.

The remaining high-level bugs consist of five escalation of privilege vulnerabilities in NUC firmware, and an improper conditions check in certain processors that can cause escalation of privilege and information disclosure.

Medium-level problems include denial-of-service conditions in FPGA SDK for OpenCL and Quartus Prime Pro Edition; escalation of privilege bugs in Control Center-I, Quartus Prime Pro Edition, Setup and Configuration Software (SCS) Platform Discovery Utility; and Rapid Storage Technology (RST); and an improper conditions check in multiple processors that could allow escalation of privilege, denial of service or information disclosure.

Additionally, low-severity bugs were found in the Dynamic Platform and Thermal Framework and the Ethernet 1218 Adapter Driver for Windows.

Intel has released updates that patch all of these products, except for (SCS) Platform Discovery Utility, which has been discontinued. Users are advised to avoid using the utility or uninstall it.


Leave A Comment

Recent News


Contact Us