This Patch Tuesday, Intel published 41 new security advisories covering a total of more than 90 vulnerabilities found in the company’s products.
The chip giant has released patches for a majority of these vulnerabilities, while for some it has provided mitigations.
The most important flaw, based on its severity rating of ‘critical’ and a CVSS score of 10, is CVE-2024-22476. The security hole has been identified in Neural Compressor, an AI product that performs model optimization to reduce the model size and increase the speed of deep learning inference for deployment on CPUs or GPUs.
Intel says this critical vulnerability could allow an unauthenticated attacker to “enable escalation of privilege via remote access”.
High-severity flaws have been found in the UEFI firmware of server products, Arc & Iris Xe Graphics, PROSet/Wireless, Power Gadget, Trust Domain Extensions, Secure Device Manager, Dynamic Tuning Technology, Thunderbolt, Graphics Performance Analyzers, BIOS Guard and Platform Properties Assessment Module, and Ethernet Controller I225 Manageability products.
These flaws can allow privilege escalation, DoS attacks, or information disclosure.
Medium-severity vulnerabilities have been addressed in Data Streaming Accelerator and Analytics Accelerator, Processor Diagnostic Tool, Graphics Performance Analyzers, Extreme Tuning Utility, Computing Improvement Program, Ethernet Controller Administrative Tools, Quartus Prime, Processor Identification Utility, Programmable Gate Array, Core Ultra processor, and Advisor products.
Medium-severity issues have also been found in Inspector, Distribution for GDB, Data Center GPU Max Series, Performance Counter Monitor, VTune Profiler, Chipset Device Software, Driver & Support Assistant, Context Sensing Technology, Arc Control, Libva library, Dynamic Load Balancer, Graphics Command Center Service, Endurance Gaming Mode, Server Board onboard video driver, Media SDK, and oneAPI Video Processing Library products.
Exploitation of a majority of these flaws can lead to privilege escalation, and some can allow DoS attacks or information disclosure.
Related: Companies Respond to ‘Downfall’ Intel CPU Vulnerability
Related: Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories
Related: Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities