- 147/2024
- Critical
Intel has released security updates to address several vulnerabilities in multiple Intel products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected products.
Samples of the addressed vulnerabilities:
1. Intel Neural Compressor Software Privilege Escalation Vulnerability (CVE- 2023-39425):
- CVSS: 10
- Attack Vector: Networt
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
2. Intel PROSet/Wireless WiFi and Bluetooth Denial of Service Vulnerability (CVE-2023-45845):
- CVSS: 8.2
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Intel DSA and Intel IAA.
- Intel Server Products UEFI Firmware.
- Intel Processor Diagnostic Tool.
- Intel GPA Framework Software.
- Intel XTU Software.
- Intel Computing Improvement Program Software.
- Intel Arc™ & Iris Xe Graphics Software.
- Intel Core™ Ultra Processor.
- Intel FPGA Firmware.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.