1002 matches found
Intel® Wireless Bluetooth® Driver Unquoted Service Path
Summary: There is a security vulnerability in the Intel® Wireless Bluetooth® drivers 16.x/17.x and all 18.x versions prior to 18.1.1607.3129 02/26/2016 known as an “Unquoted Service Path”. All drivers posted with version 18.1.1607.3129 and above due not contain the disclosed vulnerability...
Intel® Branded NUC’s Vulnerable to SMM Exploit
Summary: Intel is releasing updated BIOS firmware for a privilege escalation issue. This issue affects Intel® NUC Kits listed in the affected products section below. The issue identified is a method that enables malicious code to gain access to System Management Mode SMM. Description: A malicious...
Stack overflow vulnerability in Wind River VxWorks
Summary: WindRiver is releasing mitigations for a privilege escalation issue. This issue affects versions of Wind River VxWorks products. The issue being mitigated is a method to execute arbitrary code without user interactions. Description: Anonymous remote attackers can cause a stack overflow,...
Vulnerability in Intel SSD Toolbox allows authenticated users to elevate privileges via updater subsystem
Summary: The vulnerability allows a potentially malicious 3rd party to gain the highest possible elevation of privilege level in the Operating System. Description: The vulnerability allows a potentially malicious 3rd party to gain the highest possible elevation of privilege in the Operating Syste...
A vulnerability in Intel Integrated Performance Primitives (IPP) Cryptography allows local users to recover the RSA private key via a potential side-channel.
Summary: The cryptography CP domain in Intel’s newest version of Intel® Integrated Performance Primitives Intel® IPP v2017 has been enhanced to improve its security and customers are strongly urged to update to this release. Description: A potential side-channel vulnerability was identified in th...
SmmRuntime Escalation of Privilege
Summary: Intel is releasing mitigations for a privilege escalation issue. This issue affects the UEFI BIOS of select Intel Products. The issue identified is a method that enables malicious code to gain access to System Management Mode SMM. Description: A malicious attacker with local administrati...
Multiple Intel Software Products impacted by CVE-2016-4300
Summary: Multiple Intel® Education Study Software Products are potentially impacted by CVE-2016-4300 libarchive Description: Multiple Intel® Education Study Software Products are potentially impacted by CVE-2016-4300 libarchive. The vulnerabilities can potentially lead to a privilege escalation o...
Multiple Potential Vulnerabilities in the Intel® Graphics Driver for Windows*
Summary: Multiple potential vulnerabilities exist in the Intel® Graphics Driver for Microsoft Windows impacting versions prior to 28MAR2016. Description: Multiple potential vulnerabilities exist in the Intel® Graphics Driver for Microsoft Windows impacting versions prior to 28MAR2016. The...
Vulnerability impacting the Intel® Solid-State Drive 540s Series, Intel® Solid State Drive E 5400s Series and Intel® Solid State Drive DC S3100 Series drives
Summary: A vulnerability was identified in the Intel® Solid-State Drive 540s Series, Intel® Solid State Drive E 5400s Series and Intel® Solid State Drive DC S3100 Series leading to a potential data corruption issue. Description: A vulnerability was identified in the Intel® Solid-State Drive 540s...
Certain Intel® SATA Solid State Drives Impacted by ATA Drive Password Vulnerability
Summary: A vulnerability was identified in the Intel® Solid-State Drive 540s Series, Intel® Solid State Drive Pro 5400s Series, Intel® Solid State Drive E 5400s Series and Intel® Solid State Drive DC S3100 Series leading to a potential data corruption issue. Description: A vulnerability was...
Potential vulnerability in the Intel® Ethernet Controller X710 and XL710 product families
Summary: A vulnerability was identified in the Intel Ethernet Controller X710 and XL710 product family NVM image v5.02 and v5.03. Intel released an update to mitigate this issue on 31MAY2016. Description: Intel has found a security vulnerability in the v5.02 and v5.03 release of the NVM images fo...
Multiple Intel Software Products and Services impacted by CVE-2015-7547
Summary: Intel Software Products and Services that rely on glibc may be indirectly impacted by CVE-2015-7547. Description: Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 prior to version 2.23 allow remo...
Potential vulnerability in the Intel® Ethernet diagnostics driver for Windows*
Summary: A vulnerability was identified in the Intel diagnostics driver. Intel released an update to mitigate this issue in June 2015. Description: A vulnerability was identified in the Intel diagnostics driver IQVW32.sys and IQVW64.sys, also identified as CVE-2015-2291. Intel released an update ...
Potential vulnerability in Intel® SSD Data Center Family for SATA
Summary: If the Intel SSD Data Center Family for SATA product receives certain commands that violate the SATA protocol, the drive may stop responding to host commands and, in that event, user data will be inaccessible. Description: The Intel SSD Data Center Family for SATA product series was...
Potential vulnerability in the Intel® Driver Update Utility
Summary: This update to the Intel® Driver Update Utility mitigates the use of a non-SSL URL. Intel has released a new version of the software that provides mitigation of this issue. Description: Intel® Driver Update Utility analyzes Intel-product drivers on your computer and lets you know if driv...
Potential vulnerability of Intel® SSD 750 Series and Intel® SSD DC P3500 Series
Summary: Intel discovered an issue with certain Intel® Solid State Drives SSDs that could potentially result in an inability to access user data or, in rare cases, potential data loss. Intel is releasing software updates to mitigate this issue. Description: Intel discovered an issue with certain...
Local APIC Elevation of Privilege
Summary: Intel is releasing mitigations for a privilege escalation issue. This issue affects certain Intel processors based on older Intel micro-architectures. The issue identified is a method that enables malicious code to gain access to System Management Mode SMM. Description: An issue was...
Configuration Bypass During S3 Resume
Summary: System firmware of certain products does not completely protect platform configuration data. Description: During resume from sleep, system firmware needs to reinitialize hardware to a secured configuration. In order to protect against malware that has already compromised an OS, firmware...
Potential Vulnerability with Intel® LAN Products with SR-IOV
Summary: A potential issue impacting Intel® LAN products with SR-IOV capability is expected to be publicly disclosed by security researchers at an industry conference on August 13, 2015. Description: In Intel® LAN products with SR-IOV capability, the potential exists where, under specific...
Potential vulnerability in Intel® SSD Pro 1500 Series (Opal ready SKU)
Summary: In the Intel® SSD Pro 1500 Series the Opal-ready SKU, a potential vulnerability exists in a version of the firmware when Opal is activated. Description: In the Intel® SSD Pro 1500 Series the Opal-ready SKU, a potential vulnerability exists in a version of the firmware when Opal is...
Enhanced Protection of UEFI Variables
Summary: New BIOS updates are available for Intel products, enhancing the hardening of certain UEFI variables against potential modification. Intel highly recommends that users install the updates to mitigate this exposure. Description: Intel has become aware that certain firmware implementations...
Privilege Elevation Issue Affecting Some Intel® Solid-State Drive Data Center Family for PCIe Products
Summary: A customer feature was added to the Intel® Solid-State Drive Data Center Family for PCIe, improving device management in the field. The initial implementation allowed for a potential privilege elevation. Description: A customer feature was added to the Intel® Solid-State Drive Data Cente...
BIOS Security Updates for Multiple Issues
Summary: New BIOS updates are available for Intel products. These updates harden the implementation against malicious inputs at various stages of the boot process and runtime. Description: This update addresses issues identified in the process of resuming from a sleep state, processing data store...
ASLR bypass issue affecting multiple Intel® Software Development Products
Summary: In July 2014 an ASLR bypass issue affecting the Intel® Compiler was responsibly disclosed to Intel. Upon further examination, additional Intel® Software Development Products were identified as potentially impacted. Security have been developed to mitigate against this risk. Description: ...
Multiple Security Issues with Intel® Manycore Platform Software Stack (Intel® MPSS) release 3.x
Summary: This Security Bulletin discusses several security vulnerabilities that affect previous versions of Intel® Manycore Platform Software Stack Intel® MPSS release 3.x. Some stem from vulnerabilities in the 3rd-party OpenSSL library, which is built into the coprocessor OS. Others were...
Multiple Intel Software Products and API Services impacted by CVE-2014-0160
Summary: On April 7th 2014, OpenSSL.org published a Security Advisory concerning a missing bounds check bug in the implementation of the TLS heartbeat extension CVE-2014-0160. Intel PSIRT will continue to update this advisory as additional information becomes available. Description: On April 7th...
Intel® Manycore Platform Software Stack Privilege Escalation
Summary: A previously undisclosed vulnerability in the Intel® Manycore Platform Software Stack Intel® MPSS was discovered during internal testing. The vulnerability could allow elevation of privilege under certain circumstances if an attacker has a valid account on a host that contains an Intel®...
SINIT Authenticated Code Module Privilege Escalation
Summary: Intel® Trusted Execution Technology SINIT modules for 3rd Generation Intel® i5 and i7 vPro and Intel® Xeon® E3-1200 and E3-1200V2 Series Processors are susceptible to a privilege escalation issue. This issue also affects Intel 2nd Generation vPro Core i5 and i7 SNB based product family...
Potential for Signature Integrity Compromise and HMAC secret recovery in Intel® Integrated Performance Primitives (Intel® IPP) Cryptography Domain
Summary: The cryptography CP domain in Intel’s newest version of Intel® Integrated Performance Primitives Intel® IPP v7.1.1 has been enhanced to improve its security and customers are strongly urged to update to this release. Description: Intel IPP v7.1.1 introduces Intel® AVX & Intel® AVX2...
Potential for signature integrity compromise in Intel® Integrated Performance Primitives (Intel® IPP) Cryptography Domain
Summary: The cryptography CP domain in Intel’s newest version of Intel® Integrated Performance Primitives Intel® IPP v7.1 has been enhanced to improve its security and customers are strongly urged to update to this release. Description: Intel IPP v7.1 introduces Intel® AVX & Intel® AVX2 performan...
Privilege Escalation in Intel® Hybrid Cloud (IHC)
Summary: A Citrix XenServer potential vulnerability has recently been reported that could pose a security risk to any system using XenServer Hypervisor, including the Intel® Hybrid Cloud IHC platform which uses Citrix XenServer VMM as the virtualization platform. While we are not aware of any...
Low Entropy RSA Issue in Intel EPSD Baseboard Management Controller (BMC) Firmware
Summary: There is a potential security vulnerability related to the improper generation of RSA encryption keys in EPSD Baseboard Management Controller BMC firmware. Intel is releasing updated versions of the BMC firmware to mitigate the potential vulnerability. Description: There is a potential...
SINIT Buffer Overflow Vulnerability
Summary: Intel® Trusted Execution Technology SINIT Authenticated Code Modules ACMs are susceptible to a buffer overflow issue. Intel is providing updated SINIT ACMs to mitigate this issue and microcode updates to revoke vulnerable SINIT ACMs. Description: When Intel® Trusted Execution Technology...
Intel® Active System Console v4.4 and Intel® Multi-Server Manager v1.0 Denial of Service
Summary: Intel® Active System Console is a lightweight console that gives basic server hardware healthy monitoring capabilities on single server. Intel® Multi-Server Manager allows IT administrators to manage server hardware healthy for group of servers from a single console. Intel is releasing a...
Intel® Ethernet 82598 and 82599 10 Gigabit Ethernet Controller Denial of Service.
Summary: Intel is releasing a driver update to mitigate a denial of service issue with the Intel® 10 Gigabit Ethernet 82598 and 82599 Controllers. Description: Under certain circumstances a denial of service issue is present in the Intel® 10 Gigabit Ethernet 82598 and 82599 Controllers. A...
Intel® C++ Compiler and Intel® Fortran Compiler Insecure File Permission Local Privilege Escalation Vulnerability
Summary: Updated software is available for the customers using Intel® C++ Compiler Professional Edition for Linux and Intel® Fortran Compiler Professional Edition for Linux to mitigate a local privilege escalation vulnerability which could potentially be triggered during the compilation process...
Intel®Xeon® 5500, 5600 Series Baseboard Management Component (BMC) Firmware Privilege Escalation
Summary: Intel is releasing a firmware update to mitigate a privilege escalation issue with Intel®Xeon® 5500, 5600 Series Baseboard Management Component BMC Firmware. Description: Under certain circumstances a privilege escalation issue is present in the Baseboard Management Component BMC firmwar...
Intel® Math Kernel Library Insecure File Permission Local Privilege Escalation
Summary: The Intel® Math Kernel Library Intel® MKL is a library of highly optimized, extensively threaded math routines for science, engineering, and financial applications that require maximum performance. An updated version of the software is available for Intel® MKL users to mitigate this...
OpenSSL* vulnerability – Software Development Tools for Intel® Active Management Technology (Intel® AMT)
Summary: In response to the OpenSSL advisory CVE-2010-0740, Intel is releasing an update to the Intel® Active Management Technology Intel® AMT Software Development Kit SDKand Intel® Setup and Configuration Service Intel® SCS to mitigate this vulnerability. This issue does not affect the Intel®...
Intel® Active Management Technology Software Development Kit Remote Code Execution
Summary: Intel® Active Management Technology Intel® AMT Software Development Kit SDK is the development framework for the independent software vendors ISVs to develop manageability applications that interact with Intel® AMT-enabled systems. Updated software which corrects a potential stack overfl...
Intel® Desktop Boards Privilege Escalation
Summary: Software running administrative ring 0 privilege can under certain circumstances change code running in System Management Mode. Description: A new BIOS update is available for selected Intel desktop motherboards to ensure proper configuration settings. These changes would prevent a...
SINIT misconfiguration allows for Privilege Escalation
Summary: An updated SINIT Authenticated Code Module ACM is available for affected Intel products to correct a misconfiguration that allows for the circumvention of Intel® Trusted Execution Technology. Description: A misconfiguration in SINIT code could potentially allow a malicious attacker to...
Intel® Desktop Board Buffer Overflow Local Privilege Escalation
Summary: Updated BIOS is available for Intel® Desktop Board products to correct a buffer overflow in the Bitmap processing code. Description: A buffer overflow in the Bitmap processing code for Intel® Desktop motherboards could potentially allow a local malicious attacker to perform a Denial Of...
New BIOS available for Intel® Desktop Board products BIOS to prevent unauthorized downgrading to a previous BIOS version.
Summary: New BIOS is available for Intel® Desktop Board products BIOS to prevent downgrading to a previous BIOS version without supervisor/admin permission. Description: To prevent an unauthorized user from flashing Intel® Desktop Board products to a previous BIOS version without an explicit...
Intel® Desktop and Intel® Server Boards Privilege Escalation
Summary: Software running administrative ring 0 privilege can under certain circumstances change code running in System Management Mode. Description: To mitigate reported privilege escalation issues, BIOS updates are available for specific Intel motherboards. These changes would help prevent a...
Intel Keyboard Buffer Information Disclosure Vulnerability
Summary: Specific Intel BIOS's fail to sanitize user input entered during the Power On Self Test, POST, process. Under certain situations this issue could potentially result in a disclosure of information. Description: A new BIOS is available on select Intel motherboards to ensure proper...
Intel® Desktop and Intel® Mobile Boards Privilege Escalation
Summary: Software running administrative ring 0 privilege can under certain circumstances change code running in System Management Mode. Description: A new BIOS update is available for select Intel desktop motherboards to ensure proper configuration settings. This change would prevent a malicious...
Intel® LAN Driver Buffer Overflow Local Privilege Escalation
Summary: A software vulnerability exists in the specified PCI, PCI-X and PCIe Intel network component drivers that could allow unprivileged code executing on an affected system to perform a local privilege escalation. Description: This software vulnerability is due to a buffer overflow that could...
Intel® Enterprise Southbridge 2 Baseboard Management Controller Denial of Service
Summary: A denial of service vulnerability exists in the Intel® Enterprise Southbridge 2 Baseboard Management Controller which may allow malicious users to connect to a server system within a local area network and issue any Intelligent Platform Management Interface command. If proper external...
Intel® PROSet/Wireless Software Local Information Disclosure
Summary: A security vulnerability exists in the Intel® PROSet/Wireless Software PROSet application because of insecure usage of shared memory allowing a person having access to the user’s computer or malicious software installed on the user’s computer to obtain access to users’ wireless network...