Intel Security Patches

Published on 16 Jan 2020

Updated on 16 Jan 2020

Overview

 

Intel has released six security advisories addressing vulnerabilities across multiple products. Two vulnerabilities are rated critical and require immediate attention:

  • CVE-2019-14613 (INTEL-SA-00325)- This vulnerability exists in Intel VTune Amplifier for Windows before update 8. Improper access control in the driver for Intel VTune Amplifier may allow an authenticated user to gain escalation of privilege via local access.

  • CVE-2019-14615 (INTEL-SA-00314) - This vulnerability exists in Intel Processor Graphics, due to insufficient control flow in certain data structures of some processors and could be exploited by an unauthenticated user with local access. It affects Windows and Linux graphics drivers on a wide range of processors.


Affected Products


CVE-2019-14613

  • Intel VTune Amplifier for Windows before update 8

CVE-2019-14615

  • 3rd Generation Intel Core Processors *

  • 4th Generation Intel Core Processors *

  • 6th Generation Intel Core Processors

  • 7th Generation Intel Core Processors

  • 8th Generation Intel Core Processors

  • 9th Generation Intel Core Processors

  • 10th Generation Intel Core Processors

  • Intel Xeon Processor E3 v2 Family *

  • Intel Xeon Processor E3 v3 Family *

  • Intel Xeon Processor E3 v5 Family

  • Intel Xeon Processor E3 v6 Family

  • Intel Xeon Processor E-2100 Family

  • Intel Xeon Processor E-2200 Family

  • Intel Pentium Processor A1000 Series *

  • Intel Pentium Processor 2000 Series *

  • Intel Pentium Processor 3500 Series *

  • Intel Pentium Processor 4000 Series

  • Intel Pentium Processor G2000 Series *

  • Intel Pentium Processor G3000 Series *

  • Intel Pentium Processor G4000 Series

  • Intel Pentium Processor J2000 Series *

  • Intel Pentium Processor J3000 Series

  • Intel Pentium Processor J4000 Series

  • Intel Pentium Processor N3500 Series *

  • Intel Pentium Processor N3700 Series

  • Intel Pentium Processor N4000 Series

  • Intel Pentium Processor Silver Series

  • Intel Pentium Processor Gold Series

  • Intel Celeron Processor 927UE *

  • Intel Celeron Processor 1000 Series *

  • Intel Celeron Processor 2000 Series

  • Intel Celeron Processor 3800 Series

  • Intel Celeron Processor 3900 Series

  • Intel Celeron Processor 4000 Series

  • Intel Celeron Processor 5000 Series

  • Intel Celeron Processor G1000 Series *

  • Intel Celeron Processor G3000 Series

  • Intel Celeron Processor G4000 Series

  • Intel Celeron Processor J1000 Series *

  • Intel Celeron Processor J3000 Series

  • Intel Celeron Processor J4000 Series

  • Intel Celeron Processor N2000 Series *

  • Intel Celeron Processor N3000 Series

  • Intel Celeron Processor N4000 Series

  • Intel Celeron Processor G3900 Series

  • Intel Celeron Processor G4900 Series

  • Intel Atom Processor A Series

  • Intel Atom Processor E Series *

  • Intel Atom Processor X Series

  • Intel Atom Processor Z Series *

* Platforms based on Ivy Bridge, Bay Trail and Haswell do not have full mitigations for Windows Operating System (OS). The full mitigations will be provided by Intel once they are validated. Linux mitigations for these platforms will be provided for the mainline kernel soon.

 

For the full list of security patches released by Intel, please visit https://www.intel.com/content/www/us/en/security-center/default.html.

 

Impact

 

CVE-2019-14613

Successful exploitation of the vulnerability could allow an authenticated attacker with local access to gain escalation of privileges.

 

CVE-2019-14615

Successful exploitation of the vulnerability could allow an unauthenticated user to obtain privileged information via local access.

 

Recommendations

 

Users and administrators of affected Intel products are advised to apply the necessary updates at https://www.intel.com/content/www/us/en/security-center/default.html.

 

References

 

[1] https://www.intel.com/content/www/us/en/security-center/default.html

[2] https://threatpost.com/intel-fixes-high-severity-flaw-in-performance-analysis-tool/151837/