A safety alert issued for Intel processors has acquired an replace from BSI. You can examine which techniques and merchandise are affected by safety holes right here at information.de.
Federal workplace for Security in Information Technology (BSI) issued a safety advisory for Intel processors on May 14, 2024. The software program comprises a number of vulnerabilities that make it potential to assault. BIOS/Firmware and Hardware Appliance purposes and merchandise SUSE Linux, Dell Computer, Lenovo Computer and Intel Processor are affected by the safety vulnerability. The following alert was final up to date on May 23, 2024.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: SUSE Security Update SUSE-SU-2024:1771-1 (From 23 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple vulnerabilities reported for Intel processors – Risk: average
Risk stage: 5 (average)
CVSS Base Score: 6.7
CVSS provisional rating: 5,8
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop techniques. The CVSS customary makes it potential to match potential or precise safety dangers primarily based on numerous standards to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For momentary impact, body situations that will change over time are thought-about within the take a look at. According to CVSS, the danger of the present vulnerability is assessed as “medium” with 6.7 foundation factors.
Intel processor bug: Summary of reported vulnerabilities
A processor is the central processing unit of a pc.
A neighborhood attacker can exploit a number of vulnerabilities in numerous Intel processors to reveal data, create a denial of service state, and elevate privileges.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2023-45733, CVE-2024-21774, CVE-2024-21831 and CVE-2023-46103 on the market.
Systems affected by the safety hole at a look
plans
BIOS/Firmware, Hardware Appliance
Products
SUSE Linux (cpe:/o:use:suse_linux)
Dell Computer (cpe:/o:dell:dell_computer)
Lenovo Computer (cpe:/h:lenovo:laptop)
Intel Processor Meteor Lake Intel Processor Alder Lake Intel Processor Alder Lake Intel Processor Alder Lake Intel Processor Raptor Intel Processor Arizona Beach Intel Processor Meteor Lake Intel Processor Test Tool Intel Intel Device Identification Processor Device Identification Processor Legacy
General suggestions for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually comprises further details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace accessible.
Sources for updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug studies, safety fixes and workarounds.
SUSE Security Update SUSE-SU-2024:1771-1 vom 2024-05-23 (23.05.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1684-1 vom 2024-05-20 (20.05.2024)
For extra data, see:
Dell Security Advisory DSA-2024-160 vom 2024-05-14 (14.05.2024)
For extra data, see:
Dell Security Advisory DSA-2024-113 vom 2024-05-14 (14.05.2024)
For extra data, see:
Lenovo Security Advisory LEN-158632 from 2024-05-15 (14.05.2024)
For extra data, see:
Intel Security Advisory INTEL-SA-01054 vom 2024-05-14 (14.05.2024)
For extra data, see:
Intel Security Advisory INTEL-SA-01069 vom 2024-05-14 (14.05.2024)
For extra data, see:
Intel Security Advisory INTEL-SA-01052 vom 2024-05-14 (14.05.2024)
For extra data, see:
Intel Security Advisory INTEL-SA-01051 vom 2024-05-14 (14.05.2024)
For extra data, see:
Version historical past of this safety alert
This is model 3 of this IT safety discover for Intel processors. If additional updates are introduced, this doc will likely be up to date. You can see the adjustments made utilizing the model historical past under.
May 14, 2024 – First model
May 20, 2024 – New updates from SUSE added
May 23, 2024 – New updates from SUSE added
+++ Editorial observe: This doc relies on present BSI information and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover sizzling information, present movies and a direct line to the editorial group.
kns/roj/information.de