Intel is warning on security bugs throughout its graphics drivers, server boards, compute modules and modems.
Intel has issued fixes for 5 significant-severity vulnerabilities in its graphics motorists. Attackers can exploit these flaws to start an array of destructive attacks – this sort of as escalating their privileges, stealing delicate knowledge or launching denial-of-company attacks.
The graphics driver is software program that controls how graphic parts get the job done with the relaxation of the pc. Intel develops graphics motorists for Windows OS to converse with distinct Intel graphics equipment, for instance. The most critical of the flaws in Intel’s graphics motorists (CVE-2020-0544), which ranks 8.8 out of 10 on the CVSS scale, stems from the kernel method driver, which is the piece of a graphics driver that executes any instruction it requires on the CPU with no waiting around, and can reference any memory handle that is readily available.
This flaw stems from inadequate regulate-movement administration in Intel graphics motorists prior to version 126.96.36.19945. The flaw can empower a consumer to escalate their privileges – however, an attacker would require to be authenticated and have nearby access to the unit, mentioned Intel.
An additional privilege-escalation issue (CVE-2020-0521) stemming from inadequate management-stream management was mounted in Intel graphics drivers (also ahead of version 188.8.131.5245). To exploit this flaw, an attacker would also want to be authenticated and have local entry.
Intel also warned of a use-just after-totally free bug (CVE-2020-12361), an poor ailments-check out challenge (CVE-2020-24450) and an integer-overflow vulnerability (CVE-2020-12362) in its graphics motorists. The latter could permit denial-of-services (DoS) attacks on impacted products.
Intel Server Boards and Compute Modules Flaws
Intel also patched two high-severity flaws in its server boards, server systems and compute modules. Exclusively afflicted are the Intel Server Program R1000WF and R2000WF family members Intel Server Board S2600WF spouse and children, Intel Server Board S2600ST spouse and children and Intel Server Board S2600BP relatives and Intel Compute Module HNS2600BP family.
Just one of these flaws is a buffer-overflow issue (CVE-2020-12373) in the Baseboard Administration Controller (BMC) firmware for some Intel server boards, server programs and compute modules. The second vulnerability is an insufficient enter validation hole (CVE-2020-12377) in the BMC firmware. Both flaws exist in advance of edition 2.47 and could “allow an authenticated consumer to possibly empower escalation of privilege by means of community access.”
Other Intel Security Vulnerabilities
Intel also preset a superior-severity flaw in its XMM 7360 modem, which converts info from a electronic structure into a format for a transmission medium. It’s used for LTE 4G smartphones and tablets.
“Improper buffer limits in firmware for Intel 7360 Mobile Modem ahead of UDE edition 9.4.370 may perhaps allow for unauthenticated people to possibly help denial-of-assistance by way of network obtain,” reported Intel.
The other high-severity flaw exists in Intel’s SSD Toolbox. This toolbox makes it possible for Windows users to update the firmware and operate diagnostic checks on an Intel stable-state generate (SSD). According to Intel, the vulnerability stems from incorrect default permissions in the installer of the Intel SSD Toolbox, and might empower a privileged consumer to most likely help regional privilege escalation.
The fixes conclude a dry spell in security updates for Intel, which hasn’t disclosed any patched vulnerabilities given that November. At that time, Intel issued a colossal security update addressing flaws across a myriad of products – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in purchase to obtain escalated privileges.
Is your business enterprise an quick mark? Save your location for “15 Cybersecurity Gaffes SMBs Make,” a FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals rely on you producing these blunders, but our specialists will help you lock down your little- to mid-sized organization like it was a Fortune 100. Register here for the Wed., Feb. 24 Are living webinar.
Some components of this report are sourced from: