Intel releases security advisories

Intel issued security advisories for vulnerability fixes or workarounds that impact multiple Intel products.

Four specific advisories (and corresponding vulnerabilities addressed) were released by Intel on Tuesday of this week:

Intel® Accelerated Storage Manager in RSTe Advisory (CVE-2019-0135): “Improper permissions in the installer for Intel(R) Accelerated Storage Manager in RSTe v5.5 and before may allow an authenticated user to potentially enable escalation of privilege via local access.”

Intel® USB 3.0 Creator Utility Advisory (CVE-2019-0129): “Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.”

Intel® Software Guard Extensions SDK Advisory (CVE-2019-0122): “Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.”

Intel® Matrix Storage Manager Advisory (CVE-2019-0121): “Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.”

Intel said they have removed the USB 3.0 Creator Utility from distribution. However, users should uninstall the USB 3.0 Creator Utility or discontinue use as soon as possible.

For the other three advisories, Intel recommends users update systems to the latest version provided by the system manufacturer that addresses these issues.