Intel has released a series of security updates crossing seven product lines with three rated high and four carrying a medium severity rating.
The three high-rated issues cover Intel’s NUC (CVE-2019-11140), Processor Identification Utility for Windows (CVE-2019-11163) and Computing Improvement Program (CVE-2019-11162).
The NUC vulnerability is due to an insufficient session validation in system firmware that could lead to a privileged user to potentially enable escalation of privilege, denial of service and or information disclosure via local access.
CVE-2019-11163 is an insufficient access control in a hardware abstraction driver issue impacting versions before 6.1.0731 and which could allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
The Computing Improvement Program flaw is based on insufficient access control in hardware abstraction in SEMA driver for the product that if exploited could let an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
The medium-rated problems can be found in Intel RAID Web Console 2, Authenticate, Driver & Support Assistant and Remote Displays SDK.
Intel has released patches for all included issues.