Intel patches dozens of bugs

By

Baseboard management controller has authentication bypass.

Intel has released a 25-strong collection of security advisories, including one for a critical vulnerability in its baseboard management controller (BMC) firmware.

Intel patches dozens of bugs

Intel’s Integrated BMC and OpenBMC advisory covers five individual vulnerabilities including CVE-2021-39296, which Intel inherits from OpenBMC.

Crafted intelligent platform management interface (IPMI) messages allow an attacker to bypass authentication and obtain “full control of the system”.

Other BMC bugs include CVE-2022-35729, a denial-of-service via an out-of-bounds read in OpenBMC.

Among bugs rated as high risk, CVE-2022-25987 in Intel’s oneAPI toolkits offers network-based escalation of privilege for an unauthenticated attacker. 

The bug is described as an “improper handling of Unicode encoding in source code to be compiled by the Intel C++ Compiler Classic before version 2021.6 for Intel oneAPI Toolkits before version 2022.2”.

Some Atom and Xeon scalable processors may be subject to attack from an adjacent network in CVE-2022-21216, because of “insufficient granularity of access control”.

The company’s System Usage Report software is subject to a number of vulnerabilities that allow escalation of privilege and denial of service.

Another vulnerability has been found in Intel’s now-deprecated Software Guard eXtensions (SGX), as CVE-2022-33196.

Some memory controller configurations have incorrect default permissions allowing privilege escalation, but only via local access to a privileged user.

The full list of vulnerability disclosures is here.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Log In

  |  Forgot your password?