Intel discovers four security bugs in its products

Intel issued a warning about four newly discovered security holes in its products. First up, the firm has a patch for a high-severity flaw in the Intel Media Software Development Kit (SDK) that allow for escalation of privilege. Another software bug is found in the Intel Graphics Performance Analyser for Linux, that medium-severity flaw also got updated other operating systems were not affected.

Next, some of Broadwell U i5-based NUC systems with firmware version prior to MYBDWi5v.86A have a bug that enables an authenticated user to boost their privilege level, perform a DOS attack, or expose supposedly-protected data. Updated firmware is available via the Intel website.

Rated less severe is another bug in Intel's processors. Deemed less of an issue than Spectre of Meltdown, the new vulnerability seems more related to SPOILER, and will require developers to adjust their software:

Considerably less troublesome than Spectre or Meltdown, the company claims, the vulnerability lies in the virtual memory mapping (VMM) capabilities of selected processors and allows an authenticated user on the local system to 'potentially enable information disclosure'. It's most closely related to the Spoiler vulnerability, and requires that developers tweak their software to resist side-channel and timing attacks - meaning Intel has not, and will not, be releasing patches of its own to resolve the vulnerability.

Via: Bit Tech