Summary:
A previously undisclosed vulnerability in the Intel® Manycore Platform Software Stack (Intel® MPSS) was discovered during internal testing. The vulnerability could allow elevation of privilege under certain circumstances if an attacker has a valid account on a host that contains an Intel® Xeon Phi™ coprocessor.
Description:
A previously undisclosed vulnerability in the Intel® Manycore Platform Software Stack (Intel® MPSS) was discovered during internal testing. The vulnerability could allow elevation of privilege under certain circumstances if an attacker has a valid account on a host that contains an Intel® Xeon Phi™ coprocessor. The security update addresses the vulnerability by correcting how SSH key files processed by micctrl are validated.
The vulnerability is not affected by the Linux* OS version on the host. Intel recommends updating to 2.1.6720-23 or 3.1.4-1 for all supported versions of the Linux* host OS, RHEL 6.0, RHEL 6.1, RHEL 6.2, RHEL 6.3, RHEL 6.4, RHEL 6.5, SUSE 11.1, SUSE 11.2, SUSE 11.3. Intel® MPSS for Microsoft* Windows* is not subject to this vulnerability and thus no updates will be provided for these versions of the Intel® MPSS.
Intel’s processors are functioning within specification; this is a software implementation issue.