Intel® Smart Sound Technology vulnerabilities

Summary:

CVE-2018-3666
• Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
• 7.5 High CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2018-3670
• Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
• 7.5 High CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2018-3672
• Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.
• 7.5 High CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected products:

Intel® Smart Sound Technologies before version 9.21.00.3541

Recommendations:

Intel recommends users check with system manufacturers for Intel® Smart Sound Technologies version 9.21.00.3541 or later.

Acknowledgements:

These issues were reported by an Intel validation partner.