Patch-day: to-Intel-to spots, including the Audio and graphics drivers

0


As well as some of the other companies, Intel also released on “Patch Tuesday” of each month, with a lot of Security Advisories, security flaws across multiple products in the best-case scenario, including the References to the Updates that are available.

An Overview of the framework of the March-patch, days of posted Warnings, a recent blog entry on [email protected] Therefore, the lack of high severity (CVSS-v3 Scores between the 7.0 and 8.9, in conformity with the specification, are to be found

The The Drivers of the sound in the gap of an INTEL-SA-00354 (CVE-2020-0583, CVSS v3 Score of 8.6 or later) requires that you access the site, and may also be used, under certain conditions, right-click the expansion is lost. It relates to the Smart Technology and audio processors, from the Core of the eighth-Generation Core i7 processors in several generations, and has been closed with a Version of 3431, or 3349 (i7). The corresponding versions are to be supplied by the manufacturer of the device.

A total of 17 gaps, ranging in severity from “Low” to “High” leads to an Advisory INTEL-SA-00315 (graphics driver) in. They could be exploited, according to Intel, among other things, to the Denial-of-Service attacks, privilege escalation, and unauthorized access to the information is not specified. Details about the versions of the driver, please refer to the press Release. Intel has announced the Updates for the driver, you can get it from the download center.

The Updates to the BlueZ (INTEL-SA-00352) they come from the BlueZ developers themselves. In the form of the BlueZ Version is 5.53, which is set against the Advice and guidance that is described in CVE-2020-0556 (CVSS v3 Score of 7.1). All previous versions are vulnerable to this. The difference is that according to the description of the neighbor networks to each other (“adjacent” access without authentication may also be explored, here, too, is the Denial-of-Service and privilege escalation can be the result. For more Details about the security gap in the developer-Alain Michaud, said in a mailing list post.

At Intel it is recommended to update BlueZ to Version 5.53 because this is the bluez.org available to you. Even so, you could rely on in an upcoming Patch (see the [BlueZ,1/2] and [BlueZ,2/2]).

For the various models of the Intel NUC Mini-PCs there are, according to the INTEL-SA-00343 The Firmware Updates. Tried to escalate privileges locally exploited vulnerability-CVE-2020-0530, CVE-2020-0526 (7.8 / 7.7). The details of the affected NUC, model, and Firmware version, along with Download Links for the NUC-not the owners, can be found in the press Release.

The rest of the Alerts is to call for more Details about the vulnerabilities, the security level is “Medium”rating. Among them, the security CPU-the gap in the Amount of Charge Injection (LVI) is found, we are not in a separate article reported.


(video game)