1002 matches found
Intel® Optane™ memory module update
Summary: Information disclosure vulnerability in storage media in systems with Intel® Optane™ memory module with Whole Disk Encryption may allow an attacker to recover data via physical access. Description: Intel identified an issue where some systems configured with Whole Disk Encryption and an...
Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector
Summary: Insufficient Input Validation in Bleach module in Intel® Distribution for Python IDP version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector. Description: A vulnerable version of the Mozilla Bleach librar...
Intel® Converged Security Management Engine (Intel® CSME) 11.x issue
Summary: In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine Intel® CSME, Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. Description: In an effort to continuously improve...
Firmware Authentication Bypass
Summary: Potential security vulnerability allowing bypass of firmware authentication and incorrect TPM measurement of system firmware. Description: Platform sample code firmware included with 4th Gen Intel® Core™ Processor Haswell, 5th Gen Intel® Core™ Processor Broadwell, 6th Gen Intel® Core™...
Intel® Quartus® Prime Pro
Summary: Intel® Quartus® Prime Pro before version 18.0.1 ships with an open source component, bottle.py, which is disabled by default. If bottle.py is enabled the system is potentially vulnerable to CVE-2016-9964. Description: For details on the CVE-2016-9964 please see:...
Insecure Handling of BIOS and AMT Passwords
Summary: Intel is releasing patches to mitigate security vulnerability CVE-2017-5704 Description: Platform sample code firmware included with 4th Gen Intel® Core™ Processor Haswell, 5th Gen Intel® Core™ Processor Broadwell, 6th Gen Intel® Core™ Processor Skylake, and 7th Gen Intel® Core™ Processo...
EDK II Untested memory not covered by SMM page protection
Summary: Intel is releasing firmware updates to improve System Management Mode SMM protection. Description: Incorrect handling of memory types in Tianocore firmware potentially allows a local attacker to bypass SMM protections on memory. • High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H...
Platform firmware included insecure handling of certain UEFI variables
Summary: This update improves the security of the firmware and the ability to enable secure configuration. Description: Insecure handling of UEFI variables in Intel® Xeon® Scalable processors, Intel® Xeon® Processor E5 v4 Family, Intel® Xeon® Processor E5 v3 Family system firmware potentially...
DCI Policy Update
Summary: Intel is releasing Direct Connect Interface DCI policy update. Description: Existing UEFI setting restrictions for DCI Direct Connect Interface in 5th and 6th generation Intel® Xeon® Processor E3 Family, Intel® Xeon® Scalable processors, and Intel® Xeon® Processor D Family can potentiall...
Intel® Processor Diagnostic Tool Privilege Escalation Vulnerability
Summary: Privilege escalation Description: Permissions issue with IPDT Installer v4.1.0.24 installs 3 files within improper permissions, allowing for arbitrary code execution and escalation of privileges CVSS Score 8.3 - High: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Affected products: IPDT –...
Intel® Saffron MemoryBase Update
Summary: CVE-2018-3662 Escalation of privilege in Intel® Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. 8.4 High CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2018-3671 Escalation of privilege in Intel®...
Lazy FP State Restore
Summary: System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data...
Intel® Integrated Performance Primitives Cryptography Library Update
Summary: Some implementations in Intel® Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. - 4.7 Medium CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: Intel® Integrated Performance Primitives Cryptograph...
Buffer Overflow in System Configuration Utilities
Summary: Buffer overflow in Intel® system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service. 5.5 Medium CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: Versions of...
Parameter corruption in NDIS filter driver in Intel® Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access
Summary: Parameter corruption in NDIS filter driver in Intel® Online Connect Access 1.9.22.0 allows an unprivileged attacker to cause a denial of service via local system access. Description: An external security researcher identified a potential parameter input validation corruption condition th...
Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access.
Summary: The Intel Graphics driver 15.40.x.48651 or 20.19.x.4865 may fail to properly perform a bounds check which allows unprivileged users to cause a denial of service on the listed processors. Description: The Intel® Graphics Drivers for Windows2 version 15.40.x.4865 or earlier running on a 5t...
Intel® SGX SDK and Intel® SGX Platform Software Updates
Summary: Intel® Software Guard Extensions Software Development Kit SDK and Platform Software PSW utilize the Intel® Integrated Performance Primitives Cryptography Library. Vulnerabilities in this cryptography library have been reported that may enable a local attacker running malware utilizing...
Elevation of Privilege vulnerability when installing Intel Wireless Drivers and related Software
Summary: Intel is releasing software updates that mitigate a security vulnerability in executables to install Intel Wireless drivers. Description: DLL injection vulnerability in the installation executables Autorun.exe and Setup.exe for Intel's wireless drivers and related software allows a local...
Intel® NUC BIOS SW SMI Call-Out
Summary: This update will improve the security of system firmware for the below listed Intel NUC models. Description: Intel has identified a potential vulnerability in Intel NUC kits with insufficient input validation in system firmware that potentially allows a local attacker to elevate privileg...
Intel® 2G Firmware Update for Modems using ETWS
Summary: Buffer overflow in ETWS processing module Intel® XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network. Description: In late February 2018, external security researchers identified and disclosed to Intel a...
Intel® Remote Keyboard Unauthenticated Keystroke Injection
Summary: CVE-2018-3641: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a network attacker to inject keystrokes as a local user. • 9.0 Critical CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2018-3645: Escalation of privilege in all versions of the Intel® Remote...
Unsafe Opcodes exposed in Intel SPI based products
Summary: Configuration of SPI Flash in platforms based on multiple Intel CPUs allows a local attacker to alter the behavior of the SPI Flash, potentially leading to a Denial of Service. This issue has been root-caused, and the mitigation has been validated and is available. Description:...
Intel® SGX SDK Edger8r and Intel® Software Guard Extensions Platform Software Component
Summary: CVE-2018-3626: The Edger8r tool in the Intel® Software Guard Extensions SGX Software Development Kit SDK before version 2.1.2 Linux and 1.9.6 Windows may generate code that is susceptible to a side channel attack, potentially allowing a local user to access unauthorized information...
Intel Q3’17 ME 6.x/7.x/8.x/9.x/10.x/11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine ME, Intel® Server Platform Services SPS, and Intel® Trusted Execution Engine TXE with the objective of enhancing firmware resilience. As...
Type Confusion in Content Protection HECI Service in Intel® Graphics Driver allows unprivileged user to elevate privileges via local access
Summary: Type Confusion vulnerability which can potentially lead to a privilege escalation. Description: The Intel® Content Protection HECI Service has a Type Confusion vulnerability which potentially can lead to a privilege escalation. The HECI service software is distributed as part of the Inte...
Intel® NUC Kit with Infineon Trusted Platform Module
Summary: Certain Intel® NUC systems contain an Infineon Trusted Platform Module TPM that has an information disclosure vulnerability as described in CVE-2017-15361. Description: Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration...
Untrusted search path in Intel Graphics Driver allows unprivileged user to elevate privileges via local access
Summary: Untrusted Path which can potentially lead to an elevation of privilege. Reference CVE-2017-5696. Description: Older versions 1 of the some Intel® Graphics Drivers for Windows 2 Code Branches contain a potentially untrusted search path which may allow a local attacker to execute code with...
Intel Driver and Support Assistant Information Disclosure
Summary: SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker with administrative access the ability to read and write to Memory Status Registers potentially allowing for information disclosure or a denial of service condition. Description: SEMA driver in...
One or more Intel Products affected by the Wi-Fi Protected Access II (WPA2) protocol vulnerability
Summary: Researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, identified a series of vulnerabilities that affect the Wi-Fi Protected Access WPA and Wi-Fi Protected Access II WPA2 standards. Description: These vulnerabilities are protocol-level vulnerabilities that affect a...
Frame replay vulnerability in Wi-Fi subsystem in Intel® Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle
Summary: A vulnerability relating to frame replay during device sleep has been identified in the Intel® Dual-Band and Tri-Band Wireless-AC Products. An attacker who can successfully establish a channel-based man-in-the-middle can potentially replay frames to impact the integrity or availability o...
Intel® Deep Learning Training Tool Beta 1 security vulnerability
Summary: A vulnerability in the Intel® Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user. Description: A vulnerability in the Intel® Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user. High 8.3...
Intel Unite® App denial of service and information disclosure vulnerability
Summary: Vulnerability in Admin portal for Intel Unite ® App allows a remote attacker to cause information disclosure and/or denial of service. Description: A privilege escalation vulnerability was found, which allows an attacker with network access to gain access to the admin portal, which could...
Intel® NUC BIOS Security Updates
Summary: This update mitigates multiple vulnerabilities related to security features in certain Intel® NUC system firmware BIOS. Description: BIOS Administrator and User password bypass: Insufficient protection of password storage in system firmware for NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH,...
Intel AMT® Upgradable to Vulnerable Firmware
Summary: Intel® Active Management Technology, Intel® Standard Manageability, and Intel® Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a...
Intel® SSD Pro 6000p Series data corruption vulnerability
Summary: A vulnerability was identified in the Intel® Solid State Pro 6000p Series leading to a potential data corruption issue. Description: Intel® SSD Pro 6000p Series contains a firmware issue in Opal activated drives which allows a physical attacker to cause data corruption or data loss leadi...
Intel® SSD 540s, Intel® SSD Pro 5400s, Intel® SSD E 5400s, and Intel® SSD DC S3100 data corruption vulnerability
Summary: A vulnerability was identified in the Intel® Solid-State Drive 540s Series, Intel® Solid State Drive Pro 5400s Series, Intel® Solid State Drive E 5400s Series and Intel® Solid State Drive DC S3100 Series leading to a potential data corruption issue. Description: In the Intel® SSD 540s,...
Denial of Service in Kernel in multiple versions of the Intel Graphics Driver allows local attacker to perform a Denial of Service via an Out of Bounds Read
Summary: Out-of-bounds read condition in older versions of some Intel® Graphics Driver for Windows code branches allows local users to perform a denial of service attack. Description: Out-of-bounds read condition in older versions of some Intel® Graphics Driver for Windows code branches allows...
SGX Update
Summary: Intel has released updates that improve the security of Intel® Software Guard Extensions Intel® SGX. Description: Intel has released updates that improve the security of Intel® Software Guard Extensions Intel® SGX. The improvement applies to 6th and 7th Generation Intel® Core™ Processor...
Intel® AMT Clickjacking Vulnerability
Summary: Insufficient clickjacking protection in the Web User Interface of Intel® AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page. Description:...
Intel® Solid State Drive Toolbox™ Escalation of Privilege Vulnerability
Summary: There is an escalation of privilege vulnerability in the Intel® Solid State Drive Toolbox™ versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. Description: There is an escalation of privilege vulnerability in the Intel® Solid State Drive...
Intel® Branded NUC’s Vulnerable to SMM exploit
Summary: Intel is releasing updated BIOS firmware for a privilege escalation issue. This issue affects Intel® NUC Kits listed in the Model Number section below. The issue identified is a method that enables malicious code to gain access to System Management Mode SMM. Description: A malicious...
Intel® Hardware Accelerated Execution Manager Driver Privilege Escalation Vulnerability
Summary: Privilege escalation in IntelHAXM.sys driver in the Intel® Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. Description: Privilege escalation in IntelHAXM.sys driver in the Intel® Hardware Accelerated Execution Manager before...
Intel® NUC and Intel® Compute Stick DCI Disable
Summary: Intel® NUC and Intel® Compute Stick systems based on 6th Gen Intel® Core™ processors do not have DCI debug capability properly locked for BIOS only access. This would allow an attacker with physical possession of the system to potentially enable DCI from outside the BIOS. Description:...
Intel® QuickAssist Technology RSA-CRT Vulnerability
Summary: The RSA-CRT implementation in the Intel® QuickAssist Technology QAT Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. Description: The RSA-CRT implementation in the Intel® QuickAssist Technology...
Intel PSET Application Install wrapper contains an escalation of privilege vulnerability.
Summary: Intel PSET Application Install wrapper contains an escalation of privilege vulnerability. Description: Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer a...
Intel® Ethernet Controller X710/XL710 Driver Security Vulnerability
Summary: A security vulnerability in the Intel® Ethernet Controller X710 and Intel® Ethernet Controller XL710 family of products Fortville has been found in the device driver. Description: A security vulnerability in the Intel® Ethernet Controller X710 and Intel® Ethernet Controller XL710 family ...
Vulnerability in Intel® RealSense™ Web Component allows authenticated users to elevate privileges via updater subsystem
Summary: The vulnerability allows a potentially malicious 3rd party to gain the highest possible elevation of privilege level in the Operating System. Description: The vulnerability allows a potentially malicious 3rd party to gain the highest possible elevation of privilege in the Operating Syste...
Intel® Ethernet Controller X710/XL710 NVM Security Vulnerability
Summary: A security vulnerability in the Intel® Ethernet Controller X710, Intel® Ethernet Controller XL710 family of products Fortville and Intel® Ethernet Connection X722 has been found in the Non-Volatile Flash Memory NVM image. Description: A security vulnerability in the Intel® Ethernet...
Multiple Intel Software Products impacted by CVE-2016-2108
Summary: Many IntelR SW products use OpenSSL during install procedure. In certain conditions explicitly during product activation, an attacker potentially can execute arbitrary code on client system. Description: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows...
Intel® PROSet/Wireless Software Denial of Service
Summary: There is a security vulnerability in the Intel® PROSet/Wireless Software and Drivers before version 19.20.3. Description: Buffer over flow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of...