As part of its monthly patch day, Intel published 29 security advisories covering a total of 73 vulnerabilities, rated from “low” to “high”, in numerous products. In many cases, software and firmware updates are available that end users can download directly from Intel’s website. Often, however, Intel’s patches are also incorporated into OEM or operating-system-specific updates, which users should look out for accordingly.
In a current blog post about the Intel patch day, the company above all pats itself on the back: in the current year, 70 percent of the security vulnerabilities in Intel products were discovered by the internal team and fixed by means of patches before they became public. These and other statements, for example regarding the company’s own bug bounty program, are likely aimed at competitor AMD, which is seen to have significantly less public activity with regard to patches.
In the following, we limit ourselves to an overview of the security vulnerabilities with a “high” rating; Intel’s Security Center provides a complete overview of all advisories.
“High”: Updates for VT-d, BIOS and more
The highest CVSS score among the June “high” vulnerabilities, 8.8, was assigned to CVE-2021-24489. The vulnerability is in Intel’s VT-d (Virtualization Technology for Directed I/O) and, if I/O virtualization is used on the system in question, it could be misused by a local, authenticated attacker to expand their access rights. Updates come via the OEMs; further details and an overview of the affected processor families are available in advisory INTEL-SA-00442.
BIOS updates are to be expected soon for most Core i and Xeon systems since Skylake (Core i-6000, 2015), owing to several other BIOS security holes rated from “medium” to “high” that advisory INTEL-SA-00463 summarizes. Here too, existing access rights can be expanded, although local or physical access is required depending on the vulnerability.
With the exception of INTEL-SA-00460 on Intel RealSense ID, which merely describes “preventive protective measures” against two possible attacks, all other advisories with a “high” rating contain download information on updated drivers, firmware and software. We have linked them below, stating the highest CVSS score in each case:
Microcode updates against “medium” processor gaps
Among the advisories on “medium” threats, two stand out that refer to microcode updates: INTEL-SA-00464 and INTEL-SA-00516 describe three apparently newly discovered processor gaps that could be misused to read information, albeit only with local access and with existing low privileges.
The information in the advisories is on the whole rather sparse, and the MITRE database entries for the CVE IDs have not yet been filled with information. CVE-2020-24511 and CVE-2020-24512 (CVSS scores 6.5 and 2.8 / “Low”, respectively) affect many Core i types from Skylake onward. According to the description, the former is based on inadequate isolation of shared CPU resources, while the latter can apparently be exploited using timing-based attacks. CVE-2020-24513 (CVSS 5.6), referred to by Intel as a “Domain-bypass transient execution vulnerability”, is in turn found in some processors of the Atom series and is apparently related to the Software Guard Extensions (SGX), which are rarely used on Atom.
All three vulnerabilities also appear in a table of the affected processors for which a microcode update (MCU) is coming. The table is titled “Transient Execution Attacks”, covers various side-channel attacks using speculative execution, and has been maintained by Intel since Spectre and Meltdown.