Intel has recently taken steps to address critical security vulnerabilities in its products, including the Neural Compressor software and UEFI server firmware. These security gaps could potentially lead to privilege escalation and information leaks, posing a significant risk to users.
One of the key vulnerabilities identified is in the Intel Neural Compressor software, specifically in versions prior to 2.5.0. This vulnerability, known as CVE-2024-22476, has a critical rating of 10.0 due to insufficient input validation, allowing for remote privilege escalation. Another vulnerability, CVE-2024-21792, has a rating of 4.7 and can lead to local information disclosure. Intel recommends that users update to version 2.5.0 or later to address these issues.
In addition to the Neural Compressor software, Intel has also discovered security vulnerabilities in the UEFI firmware of certain server products, such as the Intel Server D50DNP, M50FCP, and Board S2600BP families. These vulnerabilities, including CVE-2024-22382, CVE-2024-23487, and CVE-2024-23980, have high CVSS scores ranging from 7.2 to 7.5. Intel advises users to update the firmware of affected products and recommends that S2600BP users upgrade to newer models, as the older model is no longer supported.
Furthermore, the Intel Processor Diagnostic Tool software has also been found to have a vulnerability in versions prior to 4.1.9.41. This vulnerability, identified as CVE-2024-21831, could potentially allow an authenticated user to escalate privileges through local access. While this vulnerability is rated as moderate severity, Intel strongly encourages users to update to version 4.1.9.41 or later to mitigate the risk. Updates for the software are readily available on Intel’s website.
It is crucial for users of Intel products to stay informed about these security vulnerabilities and take appropriate actions to protect their systems and data. By promptly updating software and firmware to the latest versions, users can minimize the risk of exploitation and enhance the security of their devices. For more information and detailed instructions on how to update Intel products, visit Intel’s official website. Stay safe and secure in the digital world!