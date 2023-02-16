Intel patches dozens of bugs

By on
Intel patches dozens of bugs

Baseboard management controller has authentication bypass.

Intel has released a 25-strong collection of security advisories, including one for a critical vulnerability in its baseboard management controller (BMC) firmware.

Intel’s Integrated BMC and OpenBMC advisory covers five individual vulnerabilities including CVE-2021-39296, which Intel inherits from OpenBMC.

Crafted intelligent platform management interface (IPMI) messages allow an attacker to bypass authentication and obtain “full control of the system”.

Other BMC bugs include CVE-2022-35729, a denial-of-service via an out-of-bounds read in OpenBMC.

Among bugs rated as high risk, CVE-2022-25987 in Intel’s oneAPI toolkits offers network-based escalation of privilege for an unauthenticated attacker. 

The bug is described as an “improper handling of Unicode encoding in source code to be compiled by the Intel C++ Compiler Classic before version 2021.6 for Intel oneAPI Toolkits before version 2022.2”.

Some Atom and Xeon scalable processors may be subject to attack from an adjacent network in CVE-2022-21216, because of “insufficient granularity of access control”.

The company’s System Usage Report software is subject to a number of vulnerabilities that allow escalation of privilege and denial of service.

Another vulnerability has been found in Intel’s now-deprecated Software Guard eXtensions (SGX), as CVE-2022-33196.

Some memory controller configurations have incorrect default permissions allowing privilege escalation, but only via local access to a privileged user.

The full list of vulnerability disclosures is here.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
hardwareintelsecuritysoftwarevulnerability

Sponsored Whitepapers

2023 Tech Forecast: Build a recession-proof tech workforce
2023 Tech Forecast: Build a recession-proof tech workforce
Technology Skill Development | The strategy for building better teams
Technology Skill Development | The strategy for building better teams
Perspecitves on technology skill development
Perspecitves on technology skill development
State of Upskilling | 2022 Retrospective
State of Upskilling | 2022 Retrospective
Business Case for Upskilling
Business Case for Upskilling

Events

Most Read Articles

Gov sees 47 mandatory cyber incident reports in nine months

Gov sees 47 mandatory cyber incident reports in nine months
Bunnings and Kmart facial recognition probe set to finish by July

Bunnings and Kmart facial recognition probe set to finish by July
Cyber Security NSW falling short in local government remit

Cyber Security NSW falling short in local government remit
Cyber Security NSW takes maturity assessments at face value

Cyber Security NSW takes maturity assessments at face value

Digital Nation

Case study: Transurban uses automation to detect road incidents
Case study: Transurban uses automation to detect road incidents
Cover Story: The business of gaming will reshape marketing, technology
Cover Story: The business of gaming will reshape marketing, technology
Meta threatens to take news off its platform in the US. Yep, we're here again
Meta threatens to take news off its platform in the US. Yep, we're here again
Case study: How La Trobe University sets its data students up for success
Case study: How La Trobe University sets its data students up for success
Case Study: How HCF reengaged its customers through data and analytics
Case Study: How HCF reengaged its customers through data and analytics

Log In

  |  Forgot your password?