Network Security, Patch/Configuration Management, Vulnerability Management

Intel patches 15 vulnerabilities affecting software, firmware

Intel on Tuesday distributed 11 new security advisories, disclosing 16 total vulnerabilities that affect various software or firmware products.

None of the bugs was deemed critical, but there were seven high-level issues, including an escalation of privilege in Linux Administrative Tools for Intel Network Adapters. Carrying a CVSS base score of 8.2 (the highest among this month's Intel's vulnerabilities), the flaw, designated CVE-2019-0159, is caused by insufficient memory protection in versions prior to 24.3.

The remaining high-level bugs consist of five escalation of privilege vulnerabilities in NUC firmware, and an improper conditions check in certain processors that can cause escalation of privilege and information disclosure.

Medium-level problems include denial-of-service conditions in FPGA SDK for OpenCL and Quartus Prime Pro Edition; escalation of privilege bugs in Control Center-I, Quartus Prime Pro Edition, Setup and Configuration Software (SCS) Platform Discovery Utility; and Rapid Storage Technology (RST); and an improper conditions check in multiple processors that could allow escalation of privilege, denial of service or information disclosure.

Additionally, low-severity bugs were found in the Dynamic Platform and Thermal Framework and the Ethernet 1218 Adapter Driver for Windows.

Intel has released updates that patch all of these products, except for (SCS) Platform Discovery Utility, which has been discontinued. Users are advised to avoid using the utility or uninstall it.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.