Multiple vulnerabilities found in Intel products; patches already available

This week Intel issued six security alerts to notify its users about the release of new firmware and software updates to fix at least 15 vulnerabilities in various products. According to the alert, one of the detected flaws (CVE-2021-0196) received a high severity score and apparently resides in some Intel NUC 9 Extreme laptop kits whose exploitation would allow privilege escalation on the target system.

Another of the high-severity flaws identified affects the Linux Series X722 and 800 drivers on Intel Ethernet. The flaw was identified as CVE-2021-0084 and could be exploited by authenticated threat actors to perform a privilege escalation attack. Two similar flaws are considered to be of medium severity and could lead to a scenario of information disclosure and denial of service (DoS) conditions, although they would also require local access for successful exploitation.

An additional dozen security alerts refer to some low-severity issues, including privilege escalation errors in AverMedia Capture Card controllers, DoS conditions in Optane Persistent Memory (PMem), and other minor errors in graphics drivers and adapters.

The vulnerabilities were reported to the Cybersecurity and Infrastructure Security Agency (CISA), which published a full report and issued some additional recommendations to the installation of the corresponding patches. Even so, the main security recommendation remains the installation of official security patches.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.