IEI Security Advisory

IEI Security Advisory

Providing customers with safe and reliable products is at the core of our mission. We provide this platform for customers to obtain real-time information. Meanwhile, we will continue to identify and resolve security vulnerabilities to ensure system security and mitigate potential risks.

The recently identified security vulnerabilities are listed in the following table.

Date Vulnerabilities or Exposures Description Security Website Reference
2022/2/8 INTEL-SA-00639 Potential security vulnerabilities in the Intel® Trace Analyzer and Collector may allow denial of service or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00632 Potential security vulnerabilities in Intel® Quartus® Prime Pro and Standard Editions may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00622 A potential security vulnerability in the Intel® Advisor software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00604 Potential security vulnerabilities in some Intel® Wireless Bluetooth and Killer™ Bluetooth products may allow denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00600 A potential security vulnerability in the Intel® Integrated Performance Primitives (IPP) Cryptography software library may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00594 A potential security vulnerability in the Intel® Advisor may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00589 A potential security vulnerability in some Intel Atom® Processors may allow information disclosure or denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00588 A potential security vulnerability in the Intel® RealSense™ Depth Camera Manager (DCM) software may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00582 Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00581 A potential security vulnerability in some Intel® Wireless Bluetooth products and Killer™ Bluetooth products may allow denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00575 A potential security vulnerability in the Intel® Active Management Technology (AMT) SDK, Intel® Setup and Configuration Software (SCS) and Intel® Management Engine BIOS eXtensions (MEBx) may allow escalation of privilege. Intel is releasing software and firmware updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00574 A potential security vulnerability in the Intel® Graphics Performance Analyzers (GPA) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00571 Potential security vulnerabilities in the Intel® 82599 Ethernet Series Controllers and Adapters may allow denial of service. Intel is releasing software updates and prescriptive guidance to address these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00561 A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00539 Potential security vulnerabilities in some Intel® PROSet/Wireless Wi-Fi, Intel® Active Management Technology (Intel® AMT) Wireless and Killer™ Wi-Fi may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00532 A potential security vulnerability in some Intel® processors that may allow a denial of service. Intel® is releasing firmware updates to mitigate this potential vulnerability. Click Here
2022/2/8 INTEL-SA-00527 Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2022/2/8 INTEL-SA-00470 Potential security vulnerabilities in some Intel® Chipset Firmware in Intel® Server Platform Services (SPS), Intel® Active Management Technology (AMT) and the Intel Power Management Controller (PMC) may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2022/1/17 AMD-SB-1034 AMD has completed our investigation of the Apache Log4j vulnerability. AMD believes no AMD products are affected. CVE: CVE-2021-44228 Click Here
2022/1/12 INTEL-SA-00646 Security vulnerabilities in Apache Log4j2 for some Intel® products may allow escalation of privilege or denial of service. Intel is releasing product updates to mitigate these vulnerabilities. Click Here
2021/12/16 INTEL-SA-00562 Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/12/6 AMD-SB-1023 "A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). CVE: CVE-2021-26340" Click Here
2021/11/9 INTEL-SA-00584 A potential security vulnerability in the Safestring library maintained by Intel® may allow escalation of privilege. Intel is releasing a library update to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00569 Potential security vulnerabilities in the Intel® NUC M15 Laptop Kit driver pack may allow denial of service or escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00568 Potential security vulnerabilities in the Intel® NUC HDMI™ Firmware Update Tool may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00567 A potential security vulnerability in some Intel® NUCs may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00566 Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00565 A potential security vulnerability in the Crypto API Toolkit for Intel® SGX may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00564 A potential security vulnerability in the Intel® oneAPI Rendering Toolkit may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00560 A potential security vulnerability in the Intel® Serial IO driver for Intel® NUC 11 Gen may allow escalation of privilege. Intel is releasing a software update to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00557 A potential security vulnerability in the Intel® RealSense™ D400 Series Universal Windows Platform (UWP) driver for Windows 10 may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00556 A potential security vulnerability in the Intel® VTune™ Profiler may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00555 Potential security vulnerabilities in some Intel® Ethernet drivers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00554 Potential security vulnerabilities in firmware for some Intel® Ethernet controllers may allow denial of service or escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00551 A potential security vulnerability in Intel® oneAPI Toolkits may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00547 A potential security vulnerability in the Intel® SoC Watch driver may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00540 Potential security vulnerabilities in the installer for some Intel® Wireless Bluetooth and Killer™ Bluetooth products may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00538 A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00533 A potential security vulnerability in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) Drivers for Windows may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00528 A potential security vulnerability in some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00524 A potential security vulnerability in the Intel® Ethernet Diagnostic Driver for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00509 Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00482 A potential security vulnerability in the Intel® Endpoint Management Assistant (EMA) may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/11/9 INTEL-SA-00481 Potential security vulnerabilities in some Intel® Core™ processors with Radeon™ RX Vega M GL integrated graphics may allow escalation of privilege, denial of service or information disclosure. Intel and AMD are releasing driver updates to mitigate these potential vulnerabilities. Click Here
2021/11/9 INTEL-SA-00393 A potential security vulnerability in the Intel® Thunderbolt™ non-DCH (Declarative Componentized Hardware) driver for Windows may allow escalation of privilege. Intel is releasing software updates and prescriptive guidance to mitigate this potential vulnerability. Click Here
2021/11/9 AMD-SB-1021 During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages. CVE: CVE-2020-12944, CVE-2020-12946, CVE-2020-12951, CVE-2020-12954, CVE-2020-12961, CVE-2020-12988, CVE-2021-26312, CVE-2021-26315, CVE-2021-26320, CVE-2021-26321, CVE-2021-26322, CVE-2021-26323, CVE-2021-26325, CVE-2021-26326, CVE-2021-26327, CVE-2021-26329, CVE-2021-26330, CVE-2021-26331, CVE-2021-26335, CVE-2021-26336, CVE-2021-26337, CVE-2021-26338" Click Here
2021/11/9 AMD-SB-1016 The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. CVE: CVE-2021-26334 Click Here
2021/11/9 AMD-SB-1000 In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege, denial of service, information disclosure, KASLR bypass, or arbitrary write to kernel memory. CVE: CVE-2020-12902, CVE-2020-12891, CVE-2020-12892, CVE-2020 -12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12898, CVE-2020-12901, CVE-2020-12903, CVE-2020-12900, CVE-2020-12929, CVE-2020-12960, CVE-2020-12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12985, CVE-2020-12962, CVE-2020-12904, CVE-2020-12905, CVE-2020-12920, CVE-2020-12964, CVE-2020-12987, CVE-2020-12920, CVE-2020-12899, CVE-2020-12897, CVE-2020-12963 Click Here
2021/10/12 INTEL-SA-00548 A potential security vulnerability in Intel® Software Guard Extensions (SGX) Software Development Kit (SDK)applications compiled for SGX2-enabled processors may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/10/12 INTEL-SA-00544 Potential security vulnerabilities in the Intel® Hardware Accelerated Execution Manager (HAXM) software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/10/12 AMD-SB-1017 A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. CVE: CVE-2021-26318 Click Here
2021/9/14 AMD-SB-1009 An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. CVE: CVE-2021-26333 Click Here
2021/8/10 INTEL-SA-00515 Potential security vulnerabilities in some Intel® Ethernet Controllers X722 and 800 series Linux drivers may allow denial of service, escalation of privilege or information disclosure. Intel is releasing software driver updates to mitigate these potential vulnerabilities. Click Here
2021/8/10 INTEL-SA-00512 A potential security vulnerability in some Intel® Optane™ Persistent Memory (PMem) may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2021/8/10 INTEL-SA-00508 Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/8/10 INTEL-SA-00479 Potential security vulnerabilities in the firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters may allow denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/8/10 AMD-SB-1013 AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. CVE: CVE-2020-12966 Click Here
2021/8/10 AMD-SB-1010 When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. CVE: CVE-2020-12965 Click Here
2021/7/13 INTEL-SA-00525 A potential security vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture (BSSA) Design for Test (DFT) feature may allow escalation of privilege.  Intel is releasing detailed guidance to address this potential vulnerability. Click Here
2021/6/15 INTEL-SA-00546 A potential security vulnerability in the Intel® Brand Verification Tool may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/6/8 AMD-SB-1003 (CVE-2021-26313, CVE-2021-26314) Speculative Code Store Bypass and Floating-Point Value Injection Click Here
2021/6/8 New FAQ. Are Arm CPUs affected by the Data-Instruction cache synchronization (SCSB) transient execution attack described in the recently published report "Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attack" published in June 2021? Click Here
2021/6/8 INTEL-SA-00545 A potential security vulnerability in the Intel® Rapid Storage Technology software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/6/8 INTEL-SA-00541 A potential security vulnerability in the Intel® Optane™ DC Persistent Memory for Windows software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/6/8 INTEL-SA-00537 A potential security vulnerability in the Intel® SSD Data Center Tool may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/6/8 INTEL-SA-00530 Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access. Click Here
2021/6/8 INTEL-SA-00521 Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access. Click Here
2021/6/8 INTEL-SA-00520 Improper access control in some Intel(R) Wireless Bluetooth(R) products in multiple operating systems and Killer(TM) Bluetooth(R) products in Windows 10 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Click Here
2021/6/8 INTEL-SA-00518 Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Click Here
2021/6/8 INTEL-SA-00517 Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Click Here
2021/6/8 INTEL-SA-00516 Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Click Here
2021/6/8 INTEL-SA-00510 Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. Click Here
2021/6/8 INTEL-SA-00506 Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Click Here
2021/6/8 INTEL-SA-00500 Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access. Click Here
2021/6/8 INTEL-SA-00477 Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access. Click Here
2021/6/8 INTEL-SA-00476 Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Click Here
2021/6/8 INTEL-SA-00474 Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. Click Here
2021/6/8 INTEL-SA-00472 Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi drivers may allow an authenticated user to potentially enable information disclosure and denial of service via adjacent access. Click Here
2021/6/8 INTEL-SA-00465 Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Click Here
2021/6/8 INTEL-SA-00464 Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Click Here
2021/6/8 INTEL-SA-00463 Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Click Here
2021/6/8 INTEL-SA-00460 Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Click Here
2021/6/8 INTEL-SA-00459 Potential security vulnerabilities in the Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), and Intel® Local Manageability Service (Intel® LMS) may allow escalation of privilege or information disclosure.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2021/6/8 INTEL-SA-00458 Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Click Here
2021/6/8 INTEL-SA-00442 A potential security vulnerability in some Intel® Virtualization Technology for Directed I/0 (VT-d) products may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2021/6/8 INTEL-SA-00440 A potential security vulnerability in the Intel® Field Programmable Gate Array (FPGA) Open Programmable Acceleration Engine (OPAE) driver for Linux may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/6/8 INTEL-SA-00401 Potential security vulnerabilities in some Intel® Thunderbolt™ controllers may allow denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/5/19 Updated information on Cortex-A78AE, Arm Neoverse V1, Arm Neoverse N2, and Cortex-X1 added. Document updated to include information on Armv9. Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism Click Here
2021/5/11 INTEL-SA-00473 Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Intel vPro® Converged Security and Management Engine (CSME) WiFi and Killer™ WiFi may allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2021/5/11 AMD-SB-1004 (CVE-2020-12967, CVE-2021-26311) AMD has provided mitigation in the SEV-SNP feature which is available for enablement in 3rd Gen AMD EPYC™ processors.The mitigation requires the use of SEV-SNP, which is only supported on 3rd Gen AMD EPYC™.Prior generations of AMD EPYC™ do not support SEV-SNP. For earlier AMD EPYC™ products, AMD recommends following security best practices. Click Here
2021/5/4 AMD-SB-1006 AMD has reviewed the research paper and believes existing mitigations were not being bypassed and no new mitigations are required. AMD recommends its existing side-channel mitigation guidance and standard secure coding practices be followed. Click Here
2021/2/24 RAPL (CVE-2020-12912) A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. Click Here
2021/2/24 TPM Vulnerability - Non orderly shutdown failed tries (CVE-2020 12926) AMD was notified by the Trusted Computing Group (TCG) that its Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. Click Here
2021/2/24 Privilege Escalation in atillk64.sys (CVE-2020-12927) A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. Click Here
2021/2/9 INTEL-SA-00475 A potential security vulnerability in the Intel® Trace Analyzer and Collector may allow an escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00471 A potential security vulnerability in the Intel® System-on-a-Chip (SOC) Driver Package for STK1A32SC may allow escalation of privilege.  Intel is releasing a software update to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00462 Potential security vulnerabilities in some Intel® Ethernet E810 Adapter Drivers for Linux and Windows* may allow denial of service or information disclosure.  Intel is releasing driver updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00457 A potential security vulnerability in the Intel® Solid State Drive (SSD) Toolbox may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has replaced it with the Intel® Memory and Storage (MAS) Tool. Click Here
2021/2/9 INTEL-SA-00456 Potential security vulnerabilities in some Intel® Ethernet Controllers may allow denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00455 A potential security vulnerability in the Intel® Software Guard Extensions (SGX) may allow information disclosure.  Intel released firmware updates to mitigate this potential Click Here
2021/2/9 INTEL-SA-00451 A potential security vulnerability in the Intel® Quartus Prime Pro and Standard edition software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00450 A potential security vulnerability in the Intel® Extreme Tuning Utility (XTU) may allow denial of service.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00448 A potential security vulnerability in some Intel® PROSet/Wireless WiFi and Killer™ drivers for Windows 10* may allow information disclosure or denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00445 A potential security vulnerability in the Intel® Enhance Privacy ID (EPID) SDK may allow an escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00444 A potential security vulnerability in the Intel® Software Guard Extensions (SGX) Platform Software for Windows* may allow denial of service.  Intel has released software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00443 A potential security vulnerability in the Intel® Server Board Onboard Video Driver for Windows* may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/19 INTEL-SA-00438 Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure.  Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00436 A potential security vulnerability in the Intel® Optane™ DC Persistent Memory installer for Windows* may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00434 Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00425 A potential security vulnerability in the Intel® Collaboration Suite for WebRTC may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00397 A potential security vulnerability in the Intel® RealSense™ Depth Camera Manager (DCM) may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00318 Potential security vulnerabilities in the Intel® Ethernet I210 Controller series of network adapters may allow denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/11/10  RAPL (CVE-2020-12912) “Software-based Power Side Channel Attacks on AMD”, researchers from Graz University of Technology describe a differential power analysis method to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.   Click Here
 2020/11/10  TPM Vulnerability - Non orderly shutdown failed tries (CVE-2020 12926)  AMD was notified by the Trusted Computing Group (TCG) that its Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off.   This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.   Click Here
 2020/11/10  Privilege Escalation in atillk64.sys (CVE-2020-12927)  A researcher (h0mbre pwner) notified AMD of a potential vulnerability in a driver created with the AMD VBIOS Flash Tool Software Development Kit (SDK). The disclosed vulnerability may allow low privileged users to potentially escalate privilege to administrator privileges on Windows. The potential vulnerability is in the AMD VBIOS Flash Tool Software Development Kit (SDK) used by customers to create drivers. AMD has provided mitigations in the AMD VBIOS Flash Tool Software Development Kit (SDK) 3.12. Click Here
 2020/11/10  INTEL-SA-00449  A potential security vulnerability in the Intel® Driver & Support Assistant (DSA) may allow denial of service.  Intel is releasing a software update to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00447  A potential security vulnerability in Intel® Board ID Tool may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Board ID Tool. Click Here
 2020/11/10  INTEL-SA-00429  A potential security vulnerability in the Intel® Extreme Tuning Utility (XTU) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00422  Potential security vulnerabilities in some Intel® Thunderbolt™ DCH drivers for Windows* may allow escalation of privilege or information disclosure.  Intel is releasing updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00420  A potential security vulnerability in the Intel® QuickAssist Technology (QAT) for Linux may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00419  A potential security vulnerability in the Intel® Processor Identification Utility may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00417  A potential security vulnerability in the Intel® Advisor tools may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00413  A potential security vulnerability in the Intel® Setup and Configuration Software (SCS) Add-on for Microsoft* System Center Configuration Manager (SCCM) may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00412  Potential security vulnerabilities in the Intel® Endpoint Management Assistant (EMA) may allow escalation of privilege or information disclosure.  Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00410  A potential security vulnerability in the Intel® Computing Improvement Program may allow information disclosure.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00409  A potential security vulnerability in some Intel® High Definition Audio drivers may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00403  Potential security vulnerabilities in some Intel® Wireless Bluetooth products may allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00402  Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00400  A potential security vulnerability in the Intel® 50 Gbps Ethernet (50GbE) Intellectual Property (IP) Core for Intel® Quartus Prime may allow denial of service.  Intel is releasing a software update to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00391  Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Dynamic Application Loader (DAL), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (Intel® DAL) may allow escalation of privilege, denial of service or information disclosure.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2020/11/10   INTEL-SA-00390    Potential security vulnerabilities in Intel BIOS platform sample code for some Intel® Processors may allow escalation of privilege.  Intel is releasing BIOS platform sample code updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00389 Potential security vulnerabilities in the Intel® Running Average Power Limit (RAPL) Interface may allow information disclosure.  Intel is releasing microcode and Linux driver updates to mitigate these potential vulnerabilities.   Click Here
 2020/11/10  INTEL-SA-00381  Potential security vulnerabilities in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10 INTEL-SA-00380    Potential security vulnerabilities in Intel® Ethernet 700 Series Controllers may allow escalation of privilege and/or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/11/10 INTEL-SA-00362 Potential security vulnerabilities in multiple Intel® Solid State Drive (SSD) products may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/11/10 INTEL-SA-00360 A potential security vulnerability in the Power Management Controller (PMC) for some Intel® Processors may allow escalation of privilege.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/11/10 INTEL-SA-00358 Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege or denial of service.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/11/10 INTEL-SA-00262 >A potential security vulnerability in the Intel® Media SDK for Windows* may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/10/13 Escape Handler (CVE-2020-12933) Cisco Talos has published a new potential vulnerability in AMD graphics drivers, which may result in a blue screen. The issue was addressed in Radeon™ Software Adrenalin 2020 Edition Click Here
2020/10/13 AMD Ryzen Master™ Driver Vulnerability (CVE-2020-12928) A researcher has discovered a potential security vulnerability impacting AMD Ryzen™ Master that may allow authenticated users to elevate from user to system privileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD believes that the attack must come from a non-privileged process already running on the system when the local user runs AMD Ryzen™ Master and that a remote attack has not been demonstrated. Click Here
2020/10/7 CreateAllocation (CVE-2020-12911)  A new potential vulnerability in AMD graphics drivers, which may result in a blue screen. AMD believes that confidential information and long-term system functionality are not impacted, and that the user can resolve the issue by restarting the computer. AMD plans to issue updated graphics drivers to address the issue in the first quarter of 2021. Click Here
2020/9/8 INTEL-SA-00405 A potential security vulnerability in the Intel® Driver & Support Assistant may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/9/8 INTEL-SA-00404 Potential security vulnerability in Intel® Active Management Technology (AMT), and Intel® Standard Manageability (ISM) may allow escalation of privilege.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/9/8 INTEL-SA-00356 Potential security vulnerabilities in BIOS firmware for multiple Intel Platforms may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Click Here
2020/9/8 INTEL-SA-00347 Potential security vulnerabilities in BIOS firmware for multiple Intel Platforms may allow escalation of privilege, denial of service and/or information disclosure.  Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Click Here
2020/8/11 INTEL-SA-00411 A potential security vulnerability in some Intel® Thunderbolt™ controllers may allow information disclosure.  Intel is releasing prescriptive guidance to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00406 A potential security vulnerability in the Intel® SSD Data Center Tool (DCT) may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00399 A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00394 A potential security vulnerability in the Intel® Mailbox Interface driver may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® Mailbox Interface driver. Click Here
2020/8/11 INTEL-SA-00387 A potential security vulnerability in the Intel® Computing Improvement Program may allow escalation of privilege.  Intel is releasing updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00379 A potential security vulnerability in the Intel® Wireless for Open Source may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00378 >A potential security vulnerability in the Intel® RAID Web Console 3 for Windows* may allow denial of service.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00377 A potential security vulnerability in the Intel® Rapid Storage Technology Enterprise (RSTe) Software RAID Driver may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00369 Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege and/or denial of service.  Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/8/11 INTEL-SA-00355 A potential security vulnerability in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00337 Potential security vulnerabilities in some Intel® Wireless Bluetooth products may allow denial of service, information disclosure or escalation of privilege.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2020/7/14 Pixel Shader on Hyper-V (CVE-2020-6100, CVE-2020-6101, CVE-2020-6102, CVE-2020-6103) The research finds that on a compromised Windows guest Microsoft Hyper-V VM based on an AMD GPU or APU with an AMD graphics driver installed and with Microsoft’s RemoteFX 3D feature enabled, an attacker could potentially pass maliciously malformed pixel shaders and gain access to a host machine. Click Here
2020/6/17 SMM Callout Privilege Escalation (CVE-2020-12890) AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020. Click Here
2020/6/9 INTEL-SA-00366 A potential security vulnerability in the Intel® Innovation Engine Build and Signing Tool may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/6/9 INTEL-SA-00322 Potential security vulnerabilities in BIOS firmware for some Intel® Processors may allow escalation of privilege and/or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/6/9 INTEL-SA-00320 A potential security vulnerability in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/6/9 INTEL-SA-00295 Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2020/4/14 INTEL-SA-00363 A potential security vulnerability in system firmware for some Intel® NUC may allow escalation of privilege. Intel is releasing a firmware update to mitigate this potential vulnerability. Click Here
2020/4/14 INTEL-SA-00359 A potential security vulnerability in the Intel® Binary Configuration Tool for Windows may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® Binary Configuration Tool for Windows. Click Here
2020/4/14 INTEL-SA-00351 A potential security vulnerability in Intel® Modular Server MFS2600KI Compute Module may allow escalation of privilege or denial of service. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Modular Server MFS2600KI Compute Module. Click Here
2020/4/14 INTEL-SA-00344 A potential security vulnerability in the Intel® Driver and Support Assistant may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/4/14 INTEL-SA-00338 Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/4/14 INTEL-SA-00327 A potential security vulnerability in Intel® Data Migration Software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Data Migration Software. Click Here
2020/3/10 INTEL-SA-00354 A potential security vulnerability in Intel® Smart Sound Technology may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00352 A potential security vulnerability in BlueZ may allow escalation of privilege and denial of service. BlueZ is releasing software updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00349 A potential security vulnerability in Intel® MAX® 10 FPGA may allow information disclosure. Intel is releasing documentation updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00343 Potential security vulnerabilities in system firmware for some Intel® NUC may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/3/10 INTEL-SA-00334 Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel and others are releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/3/10 INTEL-SA-00330 A potential security vulnerability in some Intel® Processors may allow information disclosure. Click Here
2020/3/10 INTEL-SA-00326 A potential security vulnerability in Intel® Optane™ DC Persistent Memory Module Management Software may allow escalation of privilege and denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00319 Potential security vulnerabilities in the Intel® Field Programmable Gate Array (FPGA) Programmable Acceleration Card (PAC) N3000 may allow escalation of privilege or denial of service. Click Here
2020/3/10 INTEL-SA-00315 Potential security vulnerabilities in Intel® Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/3/10 AMD-TRRespass (CVE-2020-10255) AMD is aware of new research related to an industry-wide DRAM issue called TRRespass whereby researchers demonstrated a method that claims to bypass existing Targeted Row Refresh (TRR) mitigations. AMD microprocessor products include memory controllers designed to meet industry-standard DDR specifications. Susceptibility varies based on DRAM device, vendor, technology and system settings. Click Here
2020/2/17 INTEL-SA-00289 A potential security vulnerability in some Intel® Processors may allow escalation of privilege and/or information disclosure.  Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability. Click Here
2020/2/17 INTEL-SA-00241 Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Active Management Technology (AMT), Intel® Platform Trust Technology (PTT) and Intel® Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure. Click Here
2020/2/11 INTEL-SA-00307 A potential security vulnerability in CSME subsystem may allow escalation of privilege, denial of service, and information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2019/6/17 ARM-Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism Based on the recent research findings from Google on the potential new cache timing side-channels exploiting processor speculation, here is the latest information on possible Arm processors impacted and their potential mitigations. Click Here