Intel's latest patch set plugs some serious holes in CPU, Bluetooth, server, and – ironically – security lines

Intel's latest patch set plugs some serious holes in CPU, Bluetooth, server, and – ironically – security lines

Intel has pushed out a raft of security advisories for June, bringing its total discovered "potential vulnerabilities" for the year to date to 132, only a quarter of which were reported by external contributors and the company's bug bounty programme.


"Today we released 29 security advisories addressing 73 vulnerabilities," Intel's Jerry Bryant said of the company's latest updates. "40 of those, or 55 per cent, were found internally through our own proactive security research. Of the remaining 33 CVEs being addressed, 29, or 40 per cent, were reported through our bug bounty programme."


While the bug bounty programme may have accounted for a minority of this month's vulnerabilities, in the context of 2021 so far, that's more than usual. For the 132 "potential vulnerabilities" patched, a whopping 75 per cent were discovered by Chipzilla's internal security team – and 70 per cent patched out before public disclosure.

This month's patch set includes fixes for a range of issues, several of them rated as high severity – including four local privilege escalation vulnerabilities in firmware for its CPU products; another local privilege escalation vulnerability in Intel Virtualization Technology for Directed I/O (VT-d); a somewhat ironic network-exploitable privilege escalation vulnerability in the Intel Security Library; yet another locally exploitable privilege escalation in the NUC family of computers; still more in its Driver and Support Assistant (DSA) software and RealSense ID platform; and a denial-of-service (DoS) vulnerability in selected Thunderbolt controllers. Phew.


Intel's advisories also include a patch for a medium-severity vulnerability in BlueZ, a Bluetooth software stack for Linux, which can allow for man-in-the-middle attacks against supposedly secure Bluetooth and Bluetooth Low Energy (BLE) connections. Another medium-rated vulnerability affecting Intel's processors allows for locally exploitable information disclosure through "observable response discrepancy in floating-point operations."


System administrators with Intel Server Board M10JNP2SB systems in u ..