That LVI CPU hole wasn’t the only Intel fix: Dozens of flaws patched to stop chips turning into potatoes
Intel has posted a fresh crop of firmware updates for security flaws in its chipsets.
The March fix bundle includes nine advisories covering processors, FPGAs, and other components, as well as the high-profile Meltdown-style LVI hole.
Among the most expansive is the advisory for Intel graphics drivers. In total, 17 CVE-listed bugs were patched, ranging from elevation-of-privilege and denial-of-service to information-disclosure flaws.
The FPGA PAC N-3000 card has received an update for two CVE-listed flaws, one allowing elevation-of-privilege for an attacker and another allowing for denial-of-service.
A single flaw in the Optane DC Persistent Memory Management Software could potentially allow for elevation of privilege or a denial of service.
‘Unfixable’ boot ROM security flaw in millions of Intel chips could spell ‘utter chaos’ for DRM, file encryption, etc
An information-disclosure flaw in data forwarding for Intel processors prompted an advisory and firmware update, as did the already disclosed LVI design flaw.
Intel NUC mini-computers got an update for an escalation of privilege bug rated as a “high” risk.
Those using the Intel Max 10 FPGA hardware will want to enable JTAG Secure Mode to guard against an information disclosure vulnerability.
Intel’s BlueZ Bluetooth component has been updated with a fix for a high-risk flaw that would potentially allow information disclosure or denial of service attacks.
SmartSound, a component in both the 10th and 8th generation Intel CPUs, has received a patch for a flaw that would allow an unauthenticated user to elevate privileges and move through a target system.
Users and admins are advised to test and install any of the needed Intel updates as soon as possible. ®
Sponsored:
Quit your addiction to storage
Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/11/intel_march_2020_patches/