[German] Intel has issued a security advisory on March 10, 2020, in which vulnerabilities in various products and available updates are pointed out. A critical vulnerability is found in a graphics driver.
Advertising
I already became aware of a fixed vulnerability in the Windows graphics driver via the tweet from Bleeping Computer.
Intel Patches High Severity Flaws in Windows Graphics Drivers – by @sergheihttps://t.co/lIqu5fz9SB
— BleepingComputer (@BleepinComputer) March 11, 2020
Below is an excerpt from the list of Intel products affected by vulnerabilities for which Intel has published security advisories.
- INTEL-SA-00354: Intel® Smart Sound Technology Advisory, Security-Index 8.6
- INTEL-SA-00315: Intel® Graphics Driver Advisory, Security-Index 8.4
- INTEL-SA-00352: BlueZ Advisory, Security-Index 8.3
- INTEL-SA-00343: Intel® NUC™ Firmware Advisory, Security-Index 7.8
- INTEL-SA-00349: Intel® MAX® 10 FPGA Advisory, Security-Index 6.1
- INTEL-SA-00319: Intel® FPGA Programmable Acceleration Card N3000 Advisory, Security-Index 6
- INTEL-SA-00330: Snoop Assisted L1D Sampling Advisory, Security-Index 5.6
- INTEL-SA-00334: Intel® Processors Load Value Injection Advisory, Security-Index 5.6
- INTEL-SA-00326: Intel® Optane™ DC Persistent Memory Module Management Software Advisory, Security-Index 4.4
Concerning INTEL-SA-00334, "Intel® Processor Load Value Injection" (LVI), Intel is aware of reports about this (see the blog post New LVI LFB vulnerability discovered in Intel CPUs. Due to the many complex requirements that must be met to successfully perform the LVI method, Intel believes that LVI poses virtually no risk in real-world environments where the operating system and VMM are trusted. New guidelines and mitigation tools for LVI are now available. Details can be found in the linked articles.
