Intel has provided software and firmware patches to address several security flaws discovered in its devices. Last week, the chipmaker issued 22 security advisories, seven of which had a “high” overall severity rating. These advisories detail 18 high-severity flaws, most of which may be used to gain elevated privileges. Others can result in data leakage or a denial of service (DoS). Local access to the targeted device is usually required to exploit these issues.
According to one advisory, users should be aware that the BIOS firmware for some Intel CPUs is vulnerable to 10 high-severity privilege escalation vulnerabilities. Another advisory explains one severe vulnerability that has been discovered in the Intel chipset firmware in Server Platform Services (SPS), Power Management Controller (PMC), and Active Management Technology (AMT).
The Kernelflinger open-source project, Intel Quartus Prime components, PROSet/Wireless Wi-Fi and Killer Wi-Fi devices, and the AMT SDK, Setup and Configuration Software (SCS), and Management Engine BIOS eXtensions (MEBx) have all been determined to have high-severity flaws. The remaining warnings detail over a dozen medium- and low-severity flaws that the business has patched this month.
Certain computer vendors, like HPE, have also issued warnings to notify their customers about the Intel hardware vulnerabilities. Given the widespread usage of Intel software and firmware, these vulnerabilities might be valuable to threat actors. But, CISA’s Known Exploited Vulnerabilities Catalog only identifies one Intel weakness (CVE-2017-5689) among more than 370 faults that have been exploited in attacks over the previous decade.
Intel addressed 226 vulnerabilities in its products last year, and its bug bounty program has paid out an average of $800,000 every year since its inception in 2018. In 2021, two vulnerabilities were deemed “critical,” while 52 were rated “high severity.”
