Intel has revealed a slew of firmware flaws that might affect endpoints such as datacenter servers, workstations, mobile devices, and storage devices.
The issues, which Intel classified as “high severity,” can allow hostile actors to disclose information and elevate their rights.
A complete list of products affected by the vulnerabilities can be found here, including Intel Core X-series processors and 10th Generation Intel Core Processors.
To resolve these vulnerabilities, Intel recommends that users of impacted processors update to the latest versions provided by their system manufacturer.
A potential security vulnerability in Intel Processors which may allow information disclosure was also announced, though this was only dubbed “low severity” by Intel.
Unfortunately, the foregoing was not the only set of problems that Intel could reveal.
Intel said that “Observable behavioral discrepancy in some Intel processors may allow an authorized user to potentially enable information disclosure via local access.”
The bug could potentially affect all Intel processor families according to the hardware giant.
Intel recommends that any impacted product should utilize the LFENCE instruction “after loads that should observe writes from another thread to the same shared memory address”. Firewalls may not be enough by themselves in today’s climate, it’s not just Intel that has potential hardware security vulnerabilities floating around.
Academic researchers have demonstrated a successful attack strategy to get around the protections provided by AMDs famed Secure Encrypted Virtualization (SEV) technology.