Intel released patches for three high-severity flaws in its Smart Sound Technology, which if left unpatched could allow an attacker to execute arbitrary code on Intel Core and Atom processor-based PCs.
The technology was described by Intel as “an integrated audio Digital Signal Processor built to handle audio, voice, and speech interactions. It allows the latest Intel Core and Intel Atom processor-based PCs to respond to your voice command quickly and offer high fidelity audio without impacting system performance and battery life.”
The vulnerabilities, CVE-2018-3666, CVE-2018-3670, and CVE-2018-3672 are all rated as “Important” affect the driver module in Intel Smart Sound Technology before version 9.21.00.3541, according to Intel security advisory.
One vulnerability in particular CVE-2018-3670 allows a local attacker to execute arbitrary code as administrator via a buffer overflow exploit.
Intel Smart Sound Technologies before version 9.21.00.3541 are affected and officials recommend users check with system manufacturers for Intel® Smart Sound Technologies version 9.21.00.3541 or later.