2021年2月9日(米国時間)、Intelから複数のセキュリティアドバイザリが公開されました。影響を受ける製品やバージョンについての詳細は、Intelの各アドバイザリを参照いただき、影響範囲の確認と対策の実施をご検討ください。
INTEL-SA-00318: Intel Ethernet I210 Controller Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00318.html
Intel Ethernet I210 Controller seriesにサービス運用妨害(DoS)が可能な脆弱性
INTEL-SA-00397: Intel RealSense DCM Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00397.html
Intel RealSense Depth Camera Managerに権限昇格が可能な脆弱性
INTEL-SA-00425:Intel Collaboration Suite for WebRTC Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00425.html
Intel Collaboration Suite for WebRTCに権限昇格が可能な脆弱性
INTEL-SA-00434: Intel Server Boards, Server Systems and Compute Modules Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00434.html
Intel Server Boards、Intel Server Systems、Intel Compute Modulesに権限昇格、情報窃取が可能な脆弱性
INTEL-SA-00436: Intel Optane DC Persistent Memory Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00436.html
Intel Optane DC Persistent Memory installer for Windowsに権限昇格が可能な脆弱性
INTEL-SA-00438: Intel Graphics Drivers Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
Intel Graphics Drivers、Intel Processors for Windows、Intel Graphics Drivers for Linuxに権限昇格、サービス運用妨害(DoS)、情報窃取が可能な脆弱性
INTEL-SA-00443: Intel Server Board Onboard Video Driver Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00443.html
Intel Server Board Onboard Video Driver for Windowsに権限昇格が可能な脆弱性
INTEL-SA-00444: Intel SGX Platform Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00444.html
Intel Software Guard Extensions (SGX) Platform Software for Windowsにサービス運用妨害(DoS)が可能な脆弱性
INTEL-SA-00445: Intel EPID SDK Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00445.html
Intel Enhance Privacy ID (EPID) SDKに権限昇格が可能な脆弱性
INTEL-SA-00448: Intel PROSet/Wireless WiFi and Killer Driver Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00448.html
Intel PROSet/Wireless WiFiおよびKiller drivers for Windows 10にサービス運用妨害(DoS)、情報窃取が可能な脆弱性
INTEL-SA-00450: Intel XTU Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00450.html
Intel Extreme Tuning Utilityにサービス運用妨害(DoS)が可能な脆弱性
INTEL-SA-00451: Intel Quartus Prime Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00451.html
Intel Quartus Prime ProおよびStandard editionに権限昇格が可能な脆弱性
INTEL-SA-00453: Intel XMM 7360 Cell Modem Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00453.html
Intel 7360 Cell ModemのUDEファームウェアにサービス運用妨害(DoS)が可能な脆弱性
INTEL-SA-00455: Intel SGX Platform Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00455.html
Intel Trace AnalyzerおよびCollectorに情報窃取が可能な脆弱性
INTEL-SA-00456: Intel Ethernet Controllers Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00456.html
Intel Ethernet Controllersrにサービス運用妨害(DoS)が可能な脆弱性
INTEL-SA-00457: Intel SSD Toolbox Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00457.html
Intel SSD Toolboxに権限昇格が可能な脆弱性
INTEL-SA-00462: Intel Ethernet E810 Adapter Driver Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
Intel Ethernet E810 Adapter drivers for Linux、Intel Ethernet E810 Adapter drivers for Windowsに情報窃取、サービス運用妨害(DoS)が可能な脆弱性
INTEL-SA-00471: Intel SOC Driver Package Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00471.html
Intel SOC Driver Package for STK1A32SCに権限昇格が可能な脆弱性
INTEL-SA-00475: Intel Trace Analyzer and Collector Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00475.html
Intel Trace AnalyzerおよびCollectorに権限昇格が可能な脆弱性
Intel Corporation
Intel Product Security Center Advisories
https://www.intel.com/content/www/us/en/security-center/default.html
CyberNewsFlashは、注意喚起とは異なり、発行時点では注意喚起の基準に満たない脆弱性の情報やセキュリティアップデート予告なども含まれます。今回の件を含め、提供いただける情報がありましたら、JPCERT/CCまでご連絡ください。
一般社団法人JPCERTコーディネーションセンター(JPCERT/CC)
早期警戒グループ
Email:ew-info@jpcert.or.jp