2023年8月8日(現地時間)、Intelから46件のセキュリティアドバイザリが公開されました。複数の製品で権限昇格、サービス運用妨害(DoS)、情報漏えいなどの脆弱性が修正されています。影響を受ける製品やバージョンについての詳細は、Intelのアドバイザリを参照いただき、影響範囲の確認と対策をご検討ください。
なお、INTEL-SA-00828:2023.3 IPU - Intel Processor Advisoryで報告されている脆弱性(CVE-2022-40982)については、脆弱性の発見者が詳細な情報を公開しており、本脆弱性を悪用する攻撃手法をDownfall attacksと呼称しています。本脆弱性が悪用されると、特定の条件下においてCPU内部のレジスタに保存された情報を読み取ることができる可能性があります。
Downfall Attacks
https://downfall.page/
Intel Corporation
Intel Product Security Center Advisories
https://www.intel.com/content/www/us/en/security-center/default.html
INTEL-SA-00690:Intel SSD Tools Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
Intel SSD Tools Softwareに権限昇格およびサービス運用妨害(DoS)の脆弱性
INTEL-SA-00742:Intel PCSD BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html
Intel PCSD BIOSに情報漏えいの脆弱性
INTEL-SA-00766:Intel PROSet/Wireless WiFi and KillerTM WiFi Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
Intel PROSet/Wireless WiFiおよびKillerTM WiFiに権限昇格およびサービス運用妨害(DoS)の脆弱性
INTEL-SA-00783:2023.3 IPU - Intel Chipset Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html
Intel Chipset Firmware、Intel AMTおよびIntel Standard Manageabilityに権限昇格およびサービス運用妨害(DoS)の脆弱性
INTEL-SA-00794:Intel Ethernet Controller RDMA Driver for Linux Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
Intel Ethernet Controller RDMA Driver for Linuxに権限昇格の脆弱性
INTEL-SA-00795:Intel RST Software Installer Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html
Intel RST Softwareに権限昇格の脆弱性
INTEL-SA-00800:Intel Quartus for Linux Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html
Intel Quartus Prime Pro edition software for LinuxおよびIntel Quartus Prime Standard edition software for Linuxに権限昇格の脆弱性
INTEL-SA-00812:Intel Arc Graphics Cards Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html
Intel Arc Graphics Cardsにサービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00813:2023.3 IPU - BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html
複数のIntelプロセッサに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00818:Intel oneVPL GPU Runtime Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html
Intel oneVPL GPU Runtimeにサービス運用妨害(DoS)の脆弱性
INTEL-SA-00826:Intel Unite Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html
Intel Unite Hub software installer for WindowsおよびIntel Unite Client software for Macに権限昇格の脆弱性
INTEL-SA-00828:2023.3 IPU - Intel Processor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
複数のIntelプロセッサに情報漏えいの脆弱性
INTEL-SA-00829:Intel NUC CID Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html
Intel NUC CIDに権限昇格の脆弱性
INTEL-SA-00830:Intel Server Boards and Server System Firmware Update Utility Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html
Intel Server BoardsおよびServer System Firmware Update Utilityに権限昇格の脆弱性
INTEL-SA-00835:Intel Ethernet Controllers and Adapters Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html
Intel Ethernetコントローラーおよびアダプターにサービス運用妨害(DoS)の脆弱性
INTEL-SA-00836:2023.3 IPU - Intel 3rd Gen Intel Xeon Scalable processors Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
第3世代Intel Xeonスケーラブルプロセッサに情報漏えいの脆弱性
INTEL-SA-00837:2023.3 IPU - Intel Xeon Processor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
複数のIntelプロセッサに権限昇格の脆弱性
INTEL-SA-00840:Intel Optimization for TensorFlow Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html
Intel Optimization for TensorFlow Softwareに権限昇格の脆弱性
INTEL-SA-00842:Intel Distribution of OpenVINO Toolkit Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html
Intel Distribution of OpenVINO Toolkitに権限昇格の脆弱性
INTEL-SA-00844:Intel VCUST Tool Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html
2023年2月3日以前にダウンロードされたIntel VCUST Toolに権限昇格の脆弱性
INTEL-SA-00846:Intel VROC Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html
Intel VROC Softwareに権限昇格の脆弱性
INTEL-SA-00848:Intel Advanced Link Analyzer Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html
Intel Advanced Link Analyzer Standard Edition software installersに権限昇格の脆弱性
INTEL-SA-00849:Intel ISPC Software Installer Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html
Intel ISPC Software Installerに権限昇格の脆弱性
INTEL-SA-00850:Intel Agilex Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html
Intel Agilexに情報漏えいの脆弱性
INTEL-SA-00859:Intel Easy Streaming Wizard Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html
Intel Easy Streaming Wizard Softwareに権限昇格の脆弱性
INTEL-SA-00862:Intel Support Android App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html
Intel Support Android Applicationに情報漏えいの脆弱性
INTEL-SA-00868:Intel NUC Pro Software Suite Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html
Intel NUC Pro Software Suite for Windowsに権限昇格の脆弱性
INTEL-SA-00872:Intel PROSet/Wireless WiFi Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html
Intel PROSet/Wireless WiFi Software for Windowsに権限昇格の脆弱性
INTEL-SA-00873:Intel oneMKL Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html
Intel oneMKL Softwareに権限昇格の脆弱性
INTEL-SA-00875:Intel DTT Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html
Intel DTT Softwareに権限昇格の脆弱性
INTEL-SA-00877:Intel AI Hackathon Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html
Intel AI Hackathon Softwareに権限昇格の脆弱性
INTEL-SA-00878:Intel DSA Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html
Intel DSA Softwareに権限昇格の脆弱性
INTEL-SA-00879:Hyperscan Library Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html
Hyperscan Libraryにサービス運用妨害(DoS)の脆弱性
INTEL-SA-00890:Intel oneAPI Toolkit and Component Software Installers Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
Intel oneAPI Toolkit and Component Software Installersに権限昇格の脆弱性
INTEL-SA-00892:Intel NUC Kit and Mini PC BIOS Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Intel NUC Performance KitおよびIntel NUC Performance Mini PCに権限昇格および情報漏えいの脆弱性
INTEL-SA-00893:Intel Manageability Commander Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html
Intel Manageability Commander Softwareに権限昇格の脆弱性
INTEL-SA-00897:Intel Unison Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html
Intel Unison Softwareに権限昇格および情報漏えいの脆弱性
INTEL-SA-00899:Intel Server Board BMC Video Driver Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html
Intel Server Board BMC Video Driverに権限昇格の脆弱性
INTEL-SA-00905:Intel SDP Tool Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html
Intel SDP Tool Softwareに権限昇格の脆弱性
INTEL-SA-00907:Intel PSR SDK Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html
Intel PSR SDKに権限昇格の脆弱性
INTEL-SA-00912:Intel RealSense ID Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html
Intel RealSense ID Softwareに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00917:Intel NUC BIOS Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html
複数のIntel NUCに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00932:Intel Unite Android App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html
Intel Unite Android Applicationに情報漏えいの脆弱性
INTEL-SA-00934:MAVinci Desktop Software for Intel Falcon 8+ Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html
MAVinci Desktop Software for Intel Falcon 8+に権限昇格の脆弱性
INTEL-SA-00938:Intel ITS Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html
Intel ITS Softwareに権限昇格の脆弱性
INTEL-SA-00946:Intel RealSenseTM SDK Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html
Intel RealSenseTM SDKに権限昇格の脆弱性
CyberNewsFlashは、注意喚起とは異なり、発行時点では注意喚起の基準に満たない脆弱性の情報やセキュリティアップデート予告なども含まれます。今回の件を含め、提供いただける情報がありましたら、JPCERT/CCまでご連絡ください。
一般社団法人JPCERTコーディネーションセンター(JPCERT/CC)
早期警戒グループ
Email:ew-info@jpcert.or.jp