Intel® Smart Sound Technology Advisory

Summary:

A potential security vulnerability in Intel® Smart Sound Technology may allow escalation of privilege.** Intel is releasing software updates to mitigate this potential vulnerability.**

Vulnerability Details:

CVEID: CVE-2020-0583

Description: Improper access control in the subsystem for Intel® Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.6 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

Intel® Smart Sound Technology versions shown below:

**Platform Code Name -**Affected Intel® Smart Sound Technology Driver Versions

• Ice Lake Xeon-SP - 10.24.00.3316 and lower
• Ice Lake U,Y - 10.24.00.3316 and lower
• Tiger Lake UP3, UP4 - 10.29.00.3418 and lower
• Amber Lake-Y, Kaby Lake U, Kaby Lake U23e and Kaby Lake Y - 09.21.00.4536 and lower
• Coffee Lake U43e and Kaby Lake Refresh U - 09.21.00.4536 and lower
• Whiskey Lake U - 10.23.00.3173 and lower
• Comet Lake U42 and Amber Lake Y - 10.23.00.3173 and lower
• Kaby Lake S, H, G, X, and Kaby Lake Xeon E3 - 09.21.00.4536 and lower
• Comet Lake-H, Comet Lake-S and Comet Lake-U62 - 10.25.00.3399 and lower
• Rocket Lake-S - 10.29.00.3418 and lower

Recommendations:

Intel recommends that users of Intel® Smart Sound Technology** **update to the latest version provided by the system manufacturer that addresses these issues. __

Acknowledgements:

Intel would like to thank Lee Christensen of SpecterOps for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.