SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities 

Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities. 
Intel

This Patch Tuesday, Intel published 41 new security advisories covering a total of more than 90 vulnerabilities found in the company’s products. 

The chip giant has released patches for a majority of these vulnerabilities, while for some it has provided mitigations. 

The most important flaw, based on its severity rating of ‘critical’ and a CVSS score of 10, is CVE-2024-22476. The security hole has been identified in Neural Compressor, an AI product that performs model optimization to reduce the model size and increase the speed of deep learning inference for deployment on CPUs or GPUs. 

Intel says this critical vulnerability could allow an unauthenticated attacker to “enable escalation of privilege via remote access”.

High-severity flaws have been found in the UEFI firmware of server products, Arc & Iris Xe Graphics, PROSet/Wireless, Power Gadget, Trust Domain Extensions, Secure Device Manager, Dynamic Tuning Technology, Thunderbolt, Graphics Performance Analyzers, BIOS Guard and Platform Properties Assessment Module, and Ethernet Controller I225 Manageability products.

These flaws can allow privilege escalation, DoS attacks, or information disclosure.

Medium-severity vulnerabilities have been addressed in Data Streaming Accelerator and Analytics Accelerator, Processor Diagnostic Tool, Graphics Performance Analyzers, Extreme Tuning Utility, Computing Improvement Program, Ethernet Controller Administrative Tools, Quartus Prime, Processor Identification Utility, Programmable Gate Array, Core Ultra processor, and Advisor products.

Medium-severity issues have also been found in Inspector, Distribution for GDB, Data Center GPU Max Series, Performance Counter Monitor, VTune Profiler, Chipset Device Software, Driver & Support Assistant, Context Sensing Technology, Arc Control, Libva library, Dynamic Load Balancer, Graphics Command Center Service, Endurance Gaming Mode, Server Board onboard video driver, Media SDK, and oneAPI Video Processing Library products.

Advertisement. Scroll to continue reading.

Exploitation of a majority of these flaws can lead to privilege escalation, and some can allow DoS attacks or information disclosure. 

Related: Companies Respond to ‘Downfall’ Intel CPU Vulnerability 

Related: Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories

Related: Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Event: AI Risk Summit | Ritz-Carlton, Half Moon Bay, CA
April 17, 2024

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Jill Popelka resigns from Darktrace's board of directors to become the company's Chief Operating Officer.

Denmark-based SIEM company Logpoint has named Mikkel Drucker as its CEO.

Jeff Miller has been named the CIO of Clayco after serving as CISO at Quantinuum.

More People On The Move

Expert Insights