Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Hardware News (https://www.overclock.net/forum/225-hardware-news/)
-   -   [Tom's Hardware] Security Flaws Found in Intel Software, Data Center SSDs (https://www.overclock.net/forum/225-hardware-news/1729204-toms-hardware-security-flaws-found-intel-software-data-center-ssds.html)

WannaBeOCer 07-11-2019 11:34 AM

[Tom's Hardware] Security Flaws Found in Intel Software, Data Center SSDs
 
Source: https://www.tomshardware.com/news/in...ssd,39845.html


Quote:

Two New Flaws Found in Intel's Software

The flaw in the processor diagnostic tool (CVE-2019-11133) is rated 8.2 out 10 on the CVSS 3.0 scale, making it a high-severity vulnerability. The flaw “may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access,” according to Intel’s latest security advisory. Versions of the tool that are older than 4.1.2.24 are affected.

The second vulnerability, found by Intel’s internal team, is a medium-severity vulnerability in Intel’s SSD DC S4500/S4600 series sold to data center customers. The flaw found in the SSD firmware versions older than SCV10150 obtained a 5.3 score on the CVSS 3.0 scale, so it was labeled medium-severity. The bug may allow an unprivileged user to enable privilege escalation via physical access.

As one of the flaws was uncovered by Intel itself and for the other the Eclypsium research coordinated with Intel for its disclosure, Intel was able to have ready the patches in time for the public announcement.

Melan 07-11-2019 11:46 AM

They just can't catch a break, can they?

Darren9 07-11-2019 12:31 PM

Quote:

Originally Posted by Melan (Post 28037730)
They just can't catch a break, can they?

Local access privilege escalation usually come and go without anyone noticing, Windows must average over 1 a month, CVE-2019-1132 and CVE-2019-0880 are two from this months patch Tuesday (and 16 critical/60 important updates is a sparse month) - Did you even know that MS fixed two this month? :)

Melan 07-11-2019 12:59 PM

I was more referring to the second "Intel's Security Issues Continue" part.


All times are GMT -7. The time now is 10:51 AM.

Powered by vBulletin® Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.