Intel Fixes 27 Vulnerabilities Across Software Portfolio

Patches for over two dozen flaws affecting graphics drivers, FPGA, NUC, BlueZ, and other products were released this week.

The chip maker has patched a total of 17 bugs in its graphics drivers, most notably a buffer overflow that could lead to denial of service. Tracked as CVE-2020-0504, the flaw is rated high severity (CVSS score 8.4).

Five other high-risk issues addressed in the graphics drivers may lead, in some cases, to denial of service through local access or to privilege escalation. These issues include insufficient access control, cross-path testing, inappropriate conditions and buffer overflow problems.

Ten of the remaining vulnerabilities are of medium severity and may lead to escalation of privilege, denial of service or disclosure of information. The low-severity vulnerability could lead to denial of service.

Two vulnerabilities have been fixed in the Field Programmable Gate Array (FPGA) Programmable Acceleration Card (PAC) N3000. The first, tracked as CVE-2019-14626, might lead to privilege escalation, and the second, CVE-2019-14625, might lead to denial of service.

The one bug fixed this week in Optane DC Persistent Memory Module Management Software could result in escalation of privilege and denial of service. Tracked as CVE-2020-0546, it is considered to be of medium severity (CVSS score 4.4).

Another medium-severity flaw, this one in Intel processors, has been fixed. Tracked as CVE-2020-0550 and also called Snoop Assisted L1D Sampling, it consists of insufficient data transmission in some data cache, which could lead to disclosure of information.

Intel also fixed improper buffer constraints and input validation in NUC firmware, two problems that might lead to privilege escalation. Tracked as CVE-2020-0530 and CVE-2020-0526, the vulnerabilities are considered high severity, with CVSS scores of 7.8 and 7.7, respectively.

All of these vulnerabilities could be exploited through local access by authenticated users, Intel says.

The chipmaker has also fixed a medium-severity improper block design configuration in MAX 10 FPGA (CVE-2020-0574) and high-risk improper controller access control issues in BlueZ (CVE-2020-0556) and Smart Sound Technology (CVE-2020-0583). The problems could lead to disclosure of information, decreased privilege and denial of service, and increased privilege.

This week, Intel also discussed CVE-2020-0551, the reverse Meltdown-type attack known as Load Value Injection (LVI). The vulnerability enables malicious software to access potentially sensitive information on the computer.

 

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.