Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday April 16 2020, @08:14AM   Printer-friendly
from the another-day-another-bug dept.

Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module:

Intel has stomped out high-severity flaws in its Next Unit Computing (NUC) mini PC firmware, and in its Modular Server MFS2600KISPP Compute Module.

Overall, Intel addressed nine vulnerabilities across six products in its April security update – two of those being high-severity, and the rest being medium-severity. If exploited, the flaws could allow attackers to escalate privileges or launch denial-of-service (DoS) attacks.

One of the high-severity flaws stems from a compute module (MFS2600KISPP) used in Intel's modular server system, which is a blade system for Intel motherboards and processors first introduced in 2008. The vulnerability stems from an improper conditions check, which could allow an unauthenticated user to potentially enable escalation of privilege (via adjacent access). The flaw (CVE-2020-0578) ranks 7.1 out of 10 on the CVSS severity scale.

In addition to this flaw, two medium-severity flaws were also discovered in the same compute module: A buffer overflow (CVE-2020-0576) vulnerability that could allow an unauthenticated attacker to launch a DoS attack (via adjacent access); and an insufficient control flow glitch (CVE-2020-0577) that allows an unauthenticated user to potentially escalate privileges via adjacent access.

All versions of the MFS2600KISPP compute module are affected, but Intel said that it is not releasing security updates to mitigate the bugs – instead, it will discontinue the MFS2600KISPP compute module entirely.

"Intel has issued a product-discontinuation notice for Intel Modular Server MFS2600KISPP Compute Module and recommends that users of the Intel Modular Server MFS2600KISPP Compute Module to discontinue use at their earliest convenience," according to Intel's advisory.

Previously:
High-Severity Flaws Plague Intel Graphics Drivers


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by crafoo on Thursday April 16 2020, @12:58PM

    by crafoo (6639) on Thursday April 16 2020, @12:58PM (#983556)

    It's in the firmware. So every OS.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2