Intel finds 20+ processor vulnerabilities and urges system updates
Intel has announced more than 20 vulnerabilities that could affect a number of its processors and has urged users to update their systems to mitigate the risk of exploitation. The vulnerabilities are primarily in the Intel UEFI firmware used with several processor series, including Atom, Xeon, Pentium, Celeron, and Core. The issues can result in privilege escalation, system crashes and the leakage of sensitive information. On 10 September 2024, Intel issued a warning highlighting the significant risk faced by systems that have not been patched.
The severity of these vulnerabilities varies; some are rated ‘high’ under CVSS, indicating a significant threat to system security if they are not addressed.
Among the most significant issues are those caused by improper handling of input data and by race conditions. For example, CVE-2024-23599 is a race condition in Seamless Firmware Updates that could result in system failures. CVE-2024-21871 stems from inadequate input validation and could allow an adversary to obtain elevated privileges on the system. Another significant issue, CVE-2024-21781, could result in data leakage or a system crash.
These vulnerabilities affect many Intel processors, including the Intel® Xeon® D family, the Intel® Core™ 10th-13th generations, and the Intel® Pentium® N series.
Intel adheres to a policy of coordinated disclosure, whereby identified vulnerabilities are only made public when patches are released. It is recommended that users contact their device manufacturers to install the latest firmware updates.
The company acknowledged the contributions of independent security experts, including Phoenix Technologies and Jeremy Boone, who were instrumental in identifying a considerable number of these vulnerabilities. Their work has helped improve the security of the affected Intel products.
Although there is currently no evidence of exploitation, these vulnerabilities need to be addressed to prevent potential future attacks. Given the increasing prevalence of cyber threats, both individual users and organisations using Intel processors should update their systems.