Security News > 2021 > June > Intel's latest patch set plugs some serious holes in CPU, Bluetooth, server, and – ironically – security lines

Intel's latest patch set plugs some serious holes in CPU, Bluetooth, server, and – ironically – security lines
2021-06-09 12:15

Intel has pushed out a raft of security advisories for June, bringing its total discovered "Potential vulnerabilities" for the year to date to 132, only a quarter of which were reported by external contributors and the company's bug bounty programme.

"Today we released 29 security advisories addressing 73 vulnerabilities," Intel's Jerry Bryant said of the company's latest updates.

This month's patch set includes fixes for a range of issues, several of them rated as high severity - including four local privilege escalation vulnerabilities in firmware for its CPU products; another local privilege escalation vulnerability in Intel Virtualization Technology for Directed I/O; a somewhat ironic network-exploitable privilege escalation vulnerability in the Intel Security Library; yet another locally exploitable privilege escalation in the NUC family of computers; still more in its Driver and Support Assistant software and RealSense ID platform; and a denial-of-service vulnerability in selected Thunderbolt controllers.

Intel's advisories also include a patch for a medium-severity vulnerability in BlueZ, a Bluetooth software stack for Linux, which can allow for man-in-the-middle attacks against supposedly secure Bluetooth and Bluetooth Low Energy connections.

System administrators with Intel Server Board M10JNP2SB systems in use, following their release in late 2019, are advised to patch a series of high-severity vulnerabilities in the system's baseboard management controller which allow for privilege escalation and denial-of-service attacks.

"Suggesting 40 per cent were found through its own programme suggests that it's both productive as well as nodding to the possibility of having more severe vulnerabilities than they would ideally like. It is vital for any users with affected products to update to the latest firmware as soon as possible."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/09/intels_latest_patch_set/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bluetooth 4 3 10 3 0 16