Business

Intel fixes 73 vulnerabilities in June 2021 Platform Update

Published

on

Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel’s Security Library and the BIOS firmware for Intel processors.

Intel detailed the security flaws in the 29 security advisories published today on its Product Security Center.

“Today we released 29 security advisories addressing 73 vulnerabilities. 40 of those, or 55%, were found internally through our own proactive security research,” Intel’s Director of Communications Jerry Bryant said.

Intel provides a list of impacted products and recommendations for vulnerable products at the end of each advisory, together with contact details for security researchers who want to report security issues or vulnerabilities found in Intel branded tech.

June 2021 Intel Platform Update highlights

Of note, among the security updates released today, Intel addressed five high severity vulnerabilities impacting the Intel Virtualization Technology for Directed I/0 (VT-d) products, the BIOS firmware for some Intel processors, and the Intel Security Library.

The first of them (tracked as CVE-2021-24489) is caused by incomplete cleanup in some Intel VT-d products that could enable authenticated attackers to escalate privileges via local access.

Intel patched four more bugs (tracked as CVE-2020-12357CVE-2020-8670CVE-2020-8700, and CVE-2020-12359) caused by improper initialization, race condition, improper input validation, and insufficient control flow management in the CPU BIOS firmware allowing escalation of privilege via local or physical access.

The high severity bug patched in the Intel Security Library impacts versions before version 3.3, and it is caused by a key exchange without entity authentication enabling authenticated attackers to escalate privilege via network access.

Intel also patched 11 other high severity security vulnerabilities impacting Intel NUCs, Intel Driver and Support Assistant (DSA), Intel RealSense ID, Intel Field Programmable Gate Array (FPGA) Open Programmable Acceleration Engine (OPAE) driver for Linux, and Intel Thunderbolt controllers.

Full list of June 2021 Patch Tuesday advisories

You can find a list of all issued Intel security advisories in the table embedded below, with full details on each of the addressed vulnerabilities and info on impacted products within the linked Product Security Center entries.

“Intel recommends that users of the affected products update to the latest firmware version provided by the system manufacturer that addresses these issues,” the company added.

“Overall, 95% of the issues being addressed today are the result of our ongoing investments in security assurance, which is consistent with our 2020 Product Security Report.”

“During the first six months of 2021, we addressed 132 potential vulnerabilities with 70% of those being internally discovered and mitigated before they were publicly disclosed,” Bryant added. 

“56 of the 132 issues were found in graphics, networking and Bluetooth components.”

AdvisoriesAdvisory Number
Intel Brand Verification Tool AdvisoryINTEL-SA-00546
Intel Rapid Storage Technology AdvisoryINTEL-SA-00545
Intel Optane DC Persistent Memory for Windows AdvisoryINTEL-SA-00541
Intel SSD Data Center Tool AdvisoryINTEL-SA-00537
Intel Computing Improvement Program AdvisoryINTEL-SA-00530
Intel Security Library AdvisoryINTEL-SA-00521
Intel Wireless Bluetooth and Killer Bluetooth AdvisoryINTEL-SA-00520
Intel VTune Profiler AdvisoryINTEL-SA-00518
BlueZ AdvisoryINTEL-SA-00517
Intel Processors Software Developer Guidance AdvisoryINTEL-SA-00516
Intel NUC Firmware AdvisoryINTEL-SA-00511
Intel DSA AdvisoryINTEL-SA-00510
Intel NUC M15 Laptop Kit Driver Pack AdvisoryINTEL-SA-00507
Intel Unite Client for Windows AdvisoryINTEL-SA-00506
Intel NUC 9 Extreme Laptop Kit LAN Driver AdvisoryINTEL-SA-00505
Intel SPS AdvisoryINTEL-SA-00500
Intel IPP and SGX Software AdvisoryINTEL-SA-00477
Intel Server Boards, Server Systems and Compute Modules AdvisoryINTEL-SA-00476
Intel Server Board M10JNP2SB AdvisoryINTEL-SA-00474
Intel ProSet/Wireless WiFi Driver AdvisoryINTEL-SA-00472
2021.1 IPU – Intel Atom Processor AdvisoryINTEL-SA-00465
Intel Processor AdvisoryINTEL-SA-00464
2021.1 IPU – BIOS AdvisoryINTEL-SA-00463
Intel RealSense ID AdvisoryINTEL-SA-00460
2021.1 IPU – Intel CSME, SPS and LMS AdvisoryINTEL-SA-00459
Intel Processor Diagnostics Tool AdvisoryINTEL-SA-00458
2021.1 IPU – Intel VT-d AdvisoryINTEL-SA-00442
Intel FPGA OPAE Driver AdvisoryINTEL-SA-00440
Intel Thunderbolt Controller AdvisoryINTEL-SA-00401

Source: https://www.bleepingcomputer.com/news/security/intel-fixes-73-vulnerabilities-in-june-2021-platform-update/

Click to comment
Exit mobile version