Intel has launched a 25-strong assortment of safety advisories, together with one for a vital vulnerability in its baseboard administration controller (BMC) firmware.
Intel’s Integrated BMC and OpenBMC advisory covers 5 particular person vulnerabilities together with CVE-2021-39296which Intel inherits from OpenBMC.
Crafted clever platform administration interface (IPMI) messages enable an attacker to bypass authentication and procure “full management of the system”.
Different BMC bugs included CVE-2022-35729a denial-of-service by way of an out-of-bounds learn in OpenBMC.
Amongst bugs rated as excessive danger, CVE-2022-25987 in Intel’s oneAPI toolkits presents network-based escalation of privilege for an unauthenticated attacker.
The bug is described as an “improper dealing with of Unicode encoding in supply code to be compiled by the Intel C++ Compiler Traditional earlier than model 2021.6 for Intel oneAPI Toolkits earlier than model 2022.2”.
Some Atom and Xeon scalable processors could also be topic to assault from an adjoining community in CVE-2022-21216due to “inadequate granularity of entry management”.
The corporate’s System Utilization Report software program is topic to a number of vulnerabilities that permits escalation of privilege and denial of service.
One other vulnerability has been present in Intel’s now-deprecated Software program Guard eXtensions (SGX), as CVE-2022-33196.
Some reminiscence controller configurations have incorrect default permissions permitting privilege escalation, however solely by way of native entry to a privileged person.
The complete listing of vulnerability disclosures is here.
