Intel Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in Intel products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-39368, CVE-2024-28028, CVE-2024-39766
- Intel® Neural Compressor software versions before 3.0
CVE-2024-32483
- Intel® EMA software versions before 1.13.1.0
CVE-2024-36488
- Intel® DSA software versions before 24.3.26.8
CVE-2024-36242
- 3rd Gen Intel® Xeon® Scalable processor family
- Intel® Xeon® D Processor
- 4th Generation Intel® Xeon® Scalable processors
- 4th Generation Intel® Xeon® Platinum processors
- 4th Generation Intel® Xeon® Gold Processors
- 4th Generation Intel® Xeon® Silver Processor
- 4th Generation Intel® Xeon® Bronze Processor
- Intel® Xeon® CPU Max Series processors (High Bandwidth Memory HBM)
- 4th Generation Intel® Xeon® Edge Enhanced Processors
- 4th Gen Intel Xeon Scalable Processors with Intel® vRAN
- Intel® Xeon® W2400 and W3400 Processors
- 5th Generation Intel® Xeon® Scalable processors
CVE-2024-21799
- Intel® Extension for Transformers software versions before 1.5
CVE-2024-36282
- Intel® Server Board S2600ST Family BIOS and Firmware Update software all versions
CVE-2024-36482
- Intel® CIP software versions before 2.4.10852
CVE-2024-33617, CVE-2024-28885, CVE-2024-31074
- Intel® QAT Engine for OpenSSL software versions before 1.6.1
CVE-2024-31158, CVE-2024-31154, CVE-2024-41167, CVE-2024-40885, CVE-2024-39609
- Intel® Server Board M70KLP Family
- Intel® Server Board M10JNP2SB Family
- Intel® Server Board M20NTP Family
- Intel® Server Board S2600BPBR Family
- Intel® Server Board S2600BP Family
CVE-2024-38665, CVE-2024-34023
- Intel® 7th-10th Gen Processor Graphics for Windows driver versions before 31.0.101.2128
- Intel® Arc™ & Iris® Xe Graphics for Windows driver versions before 31.0.101.5518
- Intel® Arc™ Pro Graphics for Windows driver versions before 31.0.101.5525
- Intel® Data Center GPU Flex Series for Windows driver versions before 31.0.101.5522
- Intel® Media Driver for VAAPI software versions before 24.1.1
CVE-2024-22185, CVE-2024-24985
- 4th Generation Intel® Xeon® Processor Scalable Family
- 5th Generation Intel® Xeon® Processor Scalable Family
CVE-2024-21820, CVE-2024-23918
- 3rd Generation Intel® Xeon® Processor Scalable Family
- Intel® Xeon® D Processor
- 4th Generation Intel® Xeon® Processor Scalable Family
- 5th Generation Intel® Xeon® Processor Scalable Family
Resolved Vulnerabilities
SQL injection vulnerability (improper neutralization of special elements used in SQL commands) that could potentially allow an authenticated user to escalate privileges via adjacent access (CVE-2024-39368)
Improper input validation could potentially allow an unauthenticated user to escalate privileges via adjacent access (CVE-2024-28028)
Improper neutralization of special elements used in SQL commands (‘SQL injection’) could allow an authenticated user to escalate privileges via local access (CVE-2024-39766)
Vulnerability that could allow an authenticated user to escalate privileges through local access due to improper access control (CVE-2024-32483, CVE-2024-36488)
A protection mechanism failure in SPP could potentially allow an authenticated user to escalate privileges via local access (CVE-2024-36242)
Vulnerability that could allow an authenticated user to escalate privileges through local access via path traversal (CVE-2024-21799)
Vulnerabilities that could potentially allow a privileged user to escalate privileges via local access due to improper input validation (CVE-2024-36282, CVE-2024-36482)
Vulnerability that could allow information to be disclosed via network access due to insufficient control flow management (CVE-2024-33617)
An observable discrepancy could allow information to be disclosed via network access (CVE-2024-28885)
Vulnerability that could allow information disclosure via network access due to an observable timing discrepancy (CVE-2024-31074)
Vulnerabilities in UEFI firmware due to improper input validation, which could potentially allow a privileged user to escalate privileges via local access (CVE-2024-31158, CVE-2024-31154, CVE-2024-41167)
Use-after-free vulnerability in UEFI firmware that could potentially allow privilege escalation via local access by a privileged user (CVE-2024-40885)
Vulnerability in UEFI firmware due to improper access control that could potentially allow a privileged user to escalate privileges via local access (CVE-2024-39609)
An out-of-bounds write in the graphics driver could potentially allow an authenticated user to escalate privileges via local access (CVE-2024-38665)
Untrusted pointer dereference in the graphics driver could potentially allow an authenticated user to escalate privileges via local access (CVE-2024-34023)
Time-of-check Time-of-use Race Condition could potentially allow an authorized user to escalate privileges via local access (CVE-2024-22185)
Vulnerability where a resource is exposed to the wrong sphere, which could potentially allow a privileged user to escalate privileges via local access (CVE-2024-24985)
Vulnerability in memory controller configuration with incorrect default permissions that could allow a privileged user to escalate privileges via local access (CVE-2024-21820)
Vulnerability that allows a privileged user to escalate privileges via local access due to an improper conditions check in memory controller configuration (CVE-2024-23918)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-39368, CVE-2024-28028, CVE-2024-39766
- Intel® Neural Compressor software version: 3.0 or later
CVE-2024-32483
- Intel® EMA software version: 1.13.1.0 or later
CVE-2024-36488
- Intel® DSA software version: 24.3.26.8 or later
CVE-2024-36242
- See the recommendations in reference [5]
CVE-2024-21799
- Intel® Extension for Transformers software version: 1.5 or later
CVE-2024-36282
These products have been discontinued and we recommend that you uninstall or discontinue use of the software as soon as possible.
- For more information, see reference [8]
CVE-2024-36482
- Intel® CIP software version: 2.4.10852 or later
CVE-2024-33617, CVE-2024-28885, CVE-2024-31074
- Intel® QAT Engine for OpenSSL software version: 1.6.1 or later
CVE-2024-31158, CVE-2024-31154, CVE-2024-41167, CVE-2024-40885, CVE-2024-39609
- Intel® Server Board M70KLP version: 01.04.0030 or later
The following families have been discontinued and we recommend uninstalling or discontinuing use of the software as soon as possible. See reference [12] for more information.
- Intel® Server Board M10JNP2SB Family
- Intel® Server Board M20NTP Family
- Intel® Server Board S2600BPBR Family
- Intel® Server Board S2600BP Family
CVE-2024-38665, CVE-2024-34023
- Intel® 7th-10th Gen Processor Graphics for Windows driver version: 31.0.101.2128 or later
- Intel® Arc™ & Iris® Xe Graphics for Windows driver version: 31.0.101.5518 or later
- Intel® Arc™ Pro Graphics for Windows driver version: 31.0.101.5525 or later
- Intel® Data Center GPU Flex Series for Windows driver version: 31.0.101.5522 or later
- Intel® Media Driver for VAAPI software version: 24.1.1 or later
CVE-2024-22185, CVE-2024-24985, CVE-2024-21820, CVE-2024-23918
We recommend updating to the latest version provided by your system manufacturer.
References
[1] Intel® Neural Compressor Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01219.html
[2] Intel® EMA Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01201.html
[3] Intel® DSA Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01200.html
[4] Intel® Processor (SPP) Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01196.html
[5] Sub-page Permission/CVE-2024-36242/INTEL-SA-01196
[6] Intel® Extension for Transformers Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01190.html
[7] Intel® Server Board S2600ST Family BIOS and Firmware Update software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01183.html
[8] Intel® Server Board S2600ST Family BIOS and Firmware Update Package for UEFI
[9] Intel® CIP Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01182.html
[10] Intel® QuickAssist Technology Engine for OpenSSL Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01177.html
[11] Intel® Server Products UEFI Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01175.html
[12] Intel® Server Board discontinuation notice
https://ark.intel.com/content/www/us/en/ark/products/series/93091/intel-server-board-s2600bpr.html
https://ark.intel.com/content/www/us/en/ark/products/215605/intel-server-system-m20ntp1ur304.html
https://ark.intel.com/content/www/us/en/ark/products/197377/intel-server-board-m10jnp2sb.html
[13] Intel® Graphics Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01132.html
[14] Intel® ACTM Module Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01111.html
[15] Intel® Xeon® Processor with Intel® SGX Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html