IEI Security Advisory

IEI Security Advisory

Providing customers with safe and reliable products is at the core of our mission. We provide this platform for customers to obtain real-time information. Meanwhile, we will continue to identify and resolve security vulnerabilities to ensure system security and mitigate potential risks.

The recently identified security vulnerabilities are listed in the following table.

Date Vulnerabilities or Exposures Description Security Website Reference
2021/2/24 RAPL (CVE-2020-12912) A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. Click Here
2021/2/24 TPM Vulnerability - Non orderly shutdown failed tries (CVE-2020 12926) AMD was notified by the Trusted Computing Group (TCG) that its Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. Click Here
2021/2/24 Privilege Escalation in atillk64.sys (CVE-2020-12927) A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. Click Here
2021/2/9 INTEL-SA-00475 A potential security vulnerability in the Intel® Trace Analyzer and Collector may allow an escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00471 A potential security vulnerability in the Intel® System-on-a-Chip (SOC) Driver Package for STK1A32SC may allow escalation of privilege.  Intel is releasing a software update to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00462 Potential security vulnerabilities in some Intel® Ethernet E810 Adapter Drivers for Linux and Windows* may allow denial of service or information disclosure.  Intel is releasing driver updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00457 A potential security vulnerability in the Intel® Solid State Drive (SSD) Toolbox may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has replaced it with the Intel® Memory and Storage (MAS) Tool. Click Here
2021/2/9 INTEL-SA-00456 Potential security vulnerabilities in some Intel® Ethernet Controllers may allow denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00455 A potential security vulnerability in the Intel® Software Guard Extensions (SGX) may allow information disclosure.  Intel released firmware updates to mitigate this potential Click Here
2021/2/9 INTEL-SA-00451 A potential security vulnerability in the Intel® Quartus Prime Pro and Standard edition software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00450 A potential security vulnerability in the Intel® Extreme Tuning Utility (XTU) may allow denial of service.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00448 A potential security vulnerability in some Intel® PROSet/Wireless WiFi and Killer™ drivers for Windows 10* may allow information disclosure or denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00445 A potential security vulnerability in the Intel® Enhance Privacy ID (EPID) SDK may allow an escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00444 A potential security vulnerability in the Intel® Software Guard Extensions (SGX) Platform Software for Windows* may allow denial of service.  Intel has released software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00443 A potential security vulnerability in the Intel® Server Board Onboard Video Driver for Windows* may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/19 INTEL-SA-00438 Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure.  Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00436 A potential security vulnerability in the Intel® Optane™ DC Persistent Memory installer for Windows* may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00434 Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2021/2/9 INTEL-SA-00425 A potential security vulnerability in the Intel® Collaboration Suite for WebRTC may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00397 A potential security vulnerability in the Intel® RealSense™ Depth Camera Manager (DCM) may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2021/2/9 INTEL-SA-00318 Potential security vulnerabilities in the Intel® Ethernet I210 Controller series of network adapters may allow denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/11/10  RAPL (CVE-2020-12912) “Software-based Power Side Channel Attacks on AMD”, researchers from Graz University of Technology describe a differential power analysis method to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.   Click Here
 2020/11/10  TPM Vulnerability - Non orderly shutdown failed tries (CVE-2020 12926)  AMD was notified by the Trusted Computing Group (TCG) that its Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off.   This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.   Click Here
 2020/11/10  Privilege Escalation in atillk64.sys (CVE-2020-12927)  A researcher (h0mbre pwner) notified AMD of a potential vulnerability in a driver created with the AMD VBIOS Flash Tool Software Development Kit (SDK). The disclosed vulnerability may allow low privileged users to potentially escalate privilege to administrator privileges on Windows. The potential vulnerability is in the AMD VBIOS Flash Tool Software Development Kit (SDK) used by customers to create drivers. AMD has provided mitigations in the AMD VBIOS Flash Tool Software Development Kit (SDK) 3.12. Click Here
 2020/11/10  INTEL-SA-00449  A potential security vulnerability in the Intel® Driver & Support Assistant (DSA) may allow denial of service.  Intel is releasing a software update to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00447  A potential security vulnerability in Intel® Board ID Tool may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Board ID Tool. Click Here
 2020/11/10  INTEL-SA-00429  A potential security vulnerability in the Intel® Extreme Tuning Utility (XTU) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00422  Potential security vulnerabilities in some Intel® Thunderbolt™ DCH drivers for Windows* may allow escalation of privilege or information disclosure.  Intel is releasing updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00420  A potential security vulnerability in the Intel® QuickAssist Technology (QAT) for Linux may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00419  A potential security vulnerability in the Intel® Processor Identification Utility may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00417  A potential security vulnerability in the Intel® Advisor tools may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00413  A potential security vulnerability in the Intel® Setup and Configuration Software (SCS) Add-on for Microsoft* System Center Configuration Manager (SCCM) may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00412  Potential security vulnerabilities in the Intel® Endpoint Management Assistant (EMA) may allow escalation of privilege or information disclosure.  Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00410  A potential security vulnerability in the Intel® Computing Improvement Program may allow information disclosure.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00409  A potential security vulnerability in some Intel® High Definition Audio drivers may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00403  Potential security vulnerabilities in some Intel® Wireless Bluetooth® products may allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00402  Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00400  A potential security vulnerability in the Intel® 50 Gbps Ethernet (50GbE) Intellectual Property (IP) Core for Intel® Quartus Prime may allow denial of service.  Intel is releasing a software update to mitigate this potential vulnerability. Click Here
 2020/11/10  INTEL-SA-00391  Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Dynamic Application Loader (DAL), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (Intel® DAL) may allow escalation of privilege, denial of service or information disclosure.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2020/11/10   INTEL-SA-00390    Potential security vulnerabilities in Intel BIOS platform sample code for some Intel® Processors may allow escalation of privilege.  Intel is releasing BIOS platform sample code updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10  INTEL-SA-00389 Potential security vulnerabilities in the Intel® Running Average Power Limit (RAPL) Interface may allow information disclosure.  Intel is releasing microcode and Linux driver updates to mitigate these potential vulnerabilities.   Click Here
 2020/11/10  INTEL-SA-00381  Potential security vulnerabilities in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
 2020/11/10 INTEL-SA-00380    Potential security vulnerabilities in Intel® Ethernet 700 Series Controllers may allow escalation of privilege and/or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/11/10 INTEL-SA-00362 Potential security vulnerabilities in multiple Intel® Solid State Drive (SSD) products may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/11/10 INTEL-SA-00360 A potential security vulnerability in the Power Management Controller (PMC) for some Intel® Processors may allow escalation of privilege.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/11/10 INTEL-SA-00358 Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege or denial of service.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/11/10 INTEL-SA-00262 >A potential security vulnerability in the Intel® Media SDK for Windows* may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/10/13 Escape Handler (CVE-2020-12933) Cisco Talos has published a new potential vulnerability in AMD graphics drivers, which may result in a blue screen. The issue was addressed in Radeon™ Software Adrenalin 2020 Edition Click Here
2020/10/13 AMD Ryzen Master™ Driver Vulnerability (CVE-2020-12928) A researcher has discovered a potential security vulnerability impacting AMD Ryzen™ Master that may allow authenticated users to elevate from user to system privileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD believes that the attack must come from a non-privileged process already running on the system when the local user runs AMD Ryzen™ Master and that a remote attack has not been demonstrated. Click Here
2020/10/7 CreateAllocation (CVE-2020-12911)  A new potential vulnerability in AMD graphics drivers, which may result in a blue screen. AMD believes that confidential information and long-term system functionality are not impacted, and that the user can resolve the issue by restarting the computer. AMD plans to issue updated graphics drivers to address the issue in the first quarter of 2021. Click Here
2020/9/8 INTEL-SA-00405 A potential security vulnerability in the Intel® Driver & Support Assistant may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/9/8 INTEL-SA-00404 Potential security vulnerability in Intel® Active Management Technology (AMT), and Intel® Standard Manageability (ISM) may allow escalation of privilege.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/9/8 INTEL-SA-00356 Potential security vulnerabilities in BIOS firmware for multiple Intel Platforms may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Click Here
2020/9/8 INTEL-SA-00347 Potential security vulnerabilities in BIOS firmware for multiple Intel Platforms may allow escalation of privilege, denial of service and/or information disclosure.  Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Click Here
2020/8/11 INTEL-SA-00411 A potential security vulnerability in some Intel® Thunderbolt™ controllers may allow information disclosure.  Intel is releasing prescriptive guidance to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00406 A potential security vulnerability in the Intel® SSD Data Center Tool (DCT) may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00399 A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00394 A potential security vulnerability in the Intel® Mailbox Interface driver may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® Mailbox Interface driver. Click Here
2020/8/11 INTEL-SA-00387 A potential security vulnerability in the Intel® Computing Improvement Program may allow escalation of privilege.  Intel is releasing updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00379 A potential security vulnerability in the Intel® Wireless for Open Source may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00378 >A potential security vulnerability in the Intel® RAID Web Console 3 for Windows* may allow denial of service.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00377 A potential security vulnerability in the Intel® Rapid Storage Technology Enterprise (RSTe) Software RAID Driver may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00369 Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege and/or denial of service.  Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/8/11 INTEL-SA-00355 A potential security vulnerability in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/8/11 INTEL-SA-00337 Potential security vulnerabilities in some Intel® Wireless Bluetooth® products may allow denial of service, information disclosure or escalation of privilege.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2020/7/14 Pixel Shader on Hyper-V (CVE-2020-6100, CVE-2020-6101, CVE-2020-6102, CVE-2020-6103) The research finds that on a compromised Windows guest Microsoft Hyper-V VM based on an AMD GPU or APU with an AMD graphics driver installed and with Microsoft’s RemoteFX 3D feature enabled, an attacker could potentially pass maliciously malformed pixel shaders and gain access to a host machine. Click Here
2020/6/17 SMM Callout Privilege Escalation (CVE-2020-12890) AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020. Click Here
2020/6/9 INTEL-SA-00366 A potential security vulnerability in the Intel® Innovation Engine Build and Signing Tool may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/6/9 INTEL-SA-00322 Potential security vulnerabilities in BIOS firmware for some Intel® Processors may allow escalation of privilege and/or denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/6/9 INTEL-SA-00320 A potential security vulnerability in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2020/6/9 INTEL-SA-00295 Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure.  Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Click Here
2020/4/14 INTEL-SA-00363 A potential security vulnerability in system firmware for some Intel® NUC may allow escalation of privilege. Intel is releasing a firmware update to mitigate this potential vulnerability. Click Here
2020/4/14 INTEL-SA-00359 A potential security vulnerability in the Intel® Binary Configuration Tool for Windows may allow escalation of privilege.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® Binary Configuration Tool for Windows. Click Here
2020/4/14 INTEL-SA-00351 A potential security vulnerability in Intel® Modular Server MFS2600KI Compute Module may allow escalation of privilege or denial of service. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Modular Server MFS2600KI Compute Module. Click Here
2020/4/14 INTEL-SA-00344 A potential security vulnerability in the Intel® Driver and Support Assistant may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/4/14 INTEL-SA-00338 Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/4/14 INTEL-SA-00327 A potential security vulnerability in Intel® Data Migration Software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Data Migration Software. Click Here
2020/3/10 INTEL-SA-00354 A potential security vulnerability in Intel® Smart Sound Technology may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00352 A potential security vulnerability in BlueZ may allow escalation of privilege and denial of service. BlueZ is releasing software updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00349 A potential security vulnerability in Intel® MAX® 10 FPGA may allow information disclosure. Intel is releasing documentation updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00343 Potential security vulnerabilities in system firmware for some Intel® NUC may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Click Here
2020/3/10 INTEL-SA-00334 Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel and others are releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/3/10 INTEL-SA-00330 A potential security vulnerability in some Intel® Processors may allow information disclosure. Click Here
2020/3/10 INTEL-SA-00326 A potential security vulnerability in Intel® Optane™ DC Persistent Memory Module Management Software may allow escalation of privilege and denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Click Here
2020/3/10 INTEL-SA-00319 Potential security vulnerabilities in the Intel® Field Programmable Gate Array (FPGA) Programmable Acceleration Card (PAC) N3000 may allow escalation of privilege or denial of service. Click Here
2020/3/10 INTEL-SA-00315 Potential security vulnerabilities in Intel® Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Click Here
2020/3/10 AMD-TRRespass (CVE-2020-10255) AMD is aware of new research related to an industry-wide DRAM issue called TRRespass whereby researchers demonstrated a method that claims to bypass existing Targeted Row Refresh (TRR) mitigations. AMD microprocessor products include memory controllers designed to meet industry-standard DDR specifications. Susceptibility varies based on DRAM device, vendor, technology and system settings. Click Here
2020/2/17 INTEL-SA-00289 A potential security vulnerability in some Intel® Processors may allow escalation of privilege and/or information disclosure.  Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability. Click Here
2020/2/17 INTEL-SA-00241 Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Active Management Technology (AMT), Intel® Platform Trust Technology (PTT) and Intel® Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure. Click Here
2020/2/11 INTEL-SA-00307 A potential security vulnerability in CSME subsystem may allow escalation of privilege, denial of service, and information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Click Here
2019/6/17 ARM-Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism Based on the recent research findings from Google on the potential new cache timing side-channels exploiting processor speculation, here is the latest information on possible Arm processors impacted and their potential mitigations. Click Here