Intel on Tuesday distributed 11 new security advisories, disclosing 16 total vulnerabilities that affect various software or firmware products.
None of the bugs was deemed critical, but there were seven high-level issues, including an escalation of privilege in Linux Administrative Tools for Intel Network Adapters. Carrying a CVSS base score of 8.2 (the highest among this month’s Intel’s vulnerabilities), the flaw, designated CVE-2019-0159, is caused by insufficient memory protection in versions prior to 24.3.
The remaining high-level bugs consist of five escalation of privilege vulnerabilities in NUC firmware, and an improper conditions check in certain processors that can cause escalation of privilege and information disclosure.
Medium-level problems include denial-of-service conditions in FPGA SDK for OpenCL and Quartus Prime Pro Edition; escalation of privilege bugs in Control Center-I, Quartus Prime Pro Edition, Setup and Configuration Software (SCS) Platform Discovery Utility; and Rapid Storage Technology (RST); and an improper conditions check in multiple processors that could allow escalation of privilege, denial of service or information disclosure.
Additionally, low-severity bugs were found in the Dynamic Platform and Thermal Framework and the Ethernet 1218 Adapter Driver for Windows.
Intel has released updates that patch all of these products, except for (SCS) Platform Discovery Utility, which has been discontinued. Users are advised to avoid using the utility or uninstall it.
