Intel has released four security advisories to address vulnerabilities in multiple Intel products, to include Intel® Media SDK, Intel® Graphics Performance Analyzer for Linux, Microprocessor Memory Mapping and Intel® NUC.
The Intel advisories are each listed below, to include vulnerability details, recommended mitigation and severity level.
Intel® Media SDK Advisory (INTEL-SA-00201)
Intel® Media SDK Escalation of Privilege High severity vulnerability (CVE-2018-18094):
“Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.”
Intel recommends users update to Intel® Media SDK version 2018 R2.1 or later. CVSS base score is rated 7.8.
Intel® Graphics Performance Analyzer for Linux (INTEL-SA-00236)
Intel® Graphics Performance Analyzer for Linux escalation of privilege Medium severity vulnerability (CVE-2019-0158):
“Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.”
Intel recommends users update Graphics Performance Analyzer for Linux to version 2019 R1. CVSS base score is rated 6.7.
Microprocessor Mapping Advisory (INTEL-SA-00238)
Microprocessor mapping advisory Information Disclosure Low severity vulnerability (CVE-2019-0162):
“Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.”
Intel has provided multiple mitigation recommendations in the advisory. CVSS base score is rated 3.8.
Intel® NUC Advisory (INTEL-SA-00239)
Intel® NUC (Escalation of Privilege, Denial of Service, Information Disclosure) High severity vulnerability (CVE-2019-0163):
“Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.”
Intel recommends users update Intel® Broadwell U i5 vPro to firmware version MYBDWi5v.86A or later. CVSS base score is rated 7.5.