—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Intel Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: High

Software Affected

Intel® Atom® Server SoCs (P5000, C5000, P6000 families)

Intel® Xeon® Processors, including:

4th and 5th Gen Xeon® Scalable processors

Intel® Xeon® 6 processors (P-core and E-core variants, including SoCs)

Intel® Server Boards and Firmware Packages, including affected BIOS and System Firmware Update Packages (SFUP)

Intel® Server Firmware Update Utility (SysFwUpdt) versions prior to 16.0.12

Systems using Intel® 100¿700 Series Chipsets and Intel® C-series Server Chipsets

Platforms running affected Intel® Converged Security and Management Engine (CSME) / Intel® AMT / Manageability firmware

Select Intel® Core¿ (8th/9th Gen), Core¿ Ultra, Pentium® Gold, and Celeron® processors running impacted firmware versions

Note: For a complete list, refer to the OEM advisory given in the references section.

Overview

Multiple vulnerabilities have been reported in Intel Products, which could allow an attacker to gain elevated privileges, obtain sensitive information or cause denial of service conditions on the targeted system.

Target Audience:

Individuals and organizations using the above-mentioned Intel products.

Risk Assessment:

High risk of privilege escalation, system instability or sensitive information disclosure.

Impact Assessment:

Potential unauthorized access to sensitive information, denial of service, privilege escalation or disruption of system operations.

Description

Multiple vulnerabilities have been identified in certain Intel® products. These vulnerabilities could allow an attacker to gain elevated privileges, access sensitive information, or cause denial-of-service conditions on the affected systems.

For a complete list of affected products, CVEs, workarounds and solutions, refer to the Intel® Security Advisories given in the references section.

Solution

Apply appropriate security updates as mentioned in Intel security updates given in the references section  

Vendor Information

Intel

https://www.intel.com

References

Intel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01406.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01401.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01397.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01325.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01315.html

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmUgoMACgkQ3jCgcSdc

ys9zIg//dp4VpEgXyFxmVfLSmSBLhJRcqVCp8qApkrPqz3cyp8wGd21pBlezj7io

H3MMhHEsCz4yABj2+u9p5hrHpPZ//xvMDhT6ri9Jp/Lz4av3ugP+CZQIZHAHCYvO

17lHfX8bUES6PEZEWHu7EwtiYD/wqm7VWNSqTIgjuCfHg/Q6I8mtuhA+IDiHejr7

HxDp2REMMOEc17tn4ShXwlddbD7ZBr7fmtz40mN2S5lKz13gIMt2fPBLvQ0ivPll

Nuo8/hlCwgHnla3UyVr8XTgkVU9maVWXttTgFP70Asmou71L65cftGyohHBfUzdP

beV/tHPu6WExjF5M5FkeZlcLWz5uZ7tDiKuv6HkUob9oO3TNbyHHWmxma+Lueqmz

f5tlB3q35eiBk46kKdKwCnt0ruVbR98Iu4YRXVuR80RP7Z0ZKube4JKHfpXPcu0H

qf1TJsP1IIGwuCPfdScGHx46j1AgksdXgubm7x6aCr+Tvnc//nfXntDSxGzdIi51

9nT+yIBJYd2MyVBR2VJHhdfBweNZ5GBNKB5fu/VkIVNMR1QygFBG6+Oy56xE18fY

3CTa6rQmKFDI0fXsQtFskKHFU8/X0UqtHX1TBugmdp2QmApUMZLkPGgdJ9R8j/+E

43qq9vpYFuApuKlFQ+uo9YUXcHsKzbRMNlvTM0OYDfkY2R0yosY=

=lNo3

—–END PGP SIGNATURE—–