Summary:
CVE-2018-3666
• Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
• 7.5 High CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2018-3670
• Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
• 7.5 High CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2018-3672
• Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.
• 7.5 High CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products:
Intel® Smart Sound Technologies before version 9.21.00.3541
Recommendations:
Intel recommends users check with system manufacturers for Intel® Smart Sound Technologies version 9.21.00.3541 or later.
Acknowledgements:
These issues were reported by an Intel validation partner.