2023年11月14日(現地時間)、Intelから31件のセキュリティアドバイザリが公開されました。複数の製品で権限昇格、サービス運用妨害(DoS)、情報漏えいなどの脆弱性が修正されています。影響を受ける製品やバージョンについての詳細は、Intelのアドバイザリを参照いただき、影響範囲の確認と対策をご検討ください。
Intel Corporation
Intel Product Security Center Advisories
https://www.intel.com/content/www/us/en/security-center/default.html
INTEL-SA-00719: Intel Server Board and Server System Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html
Intel Server BoardおよびServer Systemに権限昇格の脆弱性
INTEL-SA-00758: Intel Optane SSD and Intel Optane SSD DC Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html
Intel Optane SSDおよびIntel Optane SSD DCに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00841: Intel oneAPI Toolkit and Component Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00841.html
Intel oneAPI Toolkitに権限昇格の脆弱性
INTEL-SA-00843: Intel Battery Life Diagnostic Tool Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00843.html
Intel Battery Life Diagnostic Toolに権限昇格の脆弱性
INTEL-SA-00861: Intel QAT Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html
Intel QAT Softwareに権限昇格および情報漏えいの脆弱性
INTEL-SA-00863: Intel Smart Campus Android App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00863.html
Intel Smart Campus Android Appに権限昇格の脆弱性
INTEL-SA-00864: Intel Graphics Drivers Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html
Intel Graphics driversに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00869: Intel Ethernet Controllers and Adapters Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html
Intel Ethernet ControllersおよびAdaptersにサービス運用妨害(DoS)の脆弱性
INTEL-SA-00870: Intel Chipset Device Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html
Intel Chipset Device Softwareに権限昇格の脆弱性
INTEL-SA-00871: Intel RealSense Dynamic Calibration Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00871.html
Intel RealSense Dynamic Calibration softwareに権限昇格の脆弱性
INTEL-SA-00894: Intel Server Information Retrieval Utility Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00894.html
Intel Server Information Retrieval Utility softwareに権限昇格の脆弱性
INTEL-SA-00900: Intel OFU Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html
Intel One Boot Flash Update (OFU) softwareに権限昇格の脆弱性
INTEL-SA-00901: Intel OpenVINO Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html
Intel OpenVINOにサービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00902: Intel DCM Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html
Intel DCMに権限昇格の脆弱性
INTEL-SA-00908: Intel NUC Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html
Intel NUC Softwareに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00914: Intel On Demand Agent Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00914.html
Intel On Demand Agent Softwareに情報漏えいの脆弱性
INTEL-SA-00924: 2023.4 IPU - BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html
複数のIntelプロセッサに権限昇格、サービス運用妨害(DoS)の脆弱性
INTEL-SA-00925: Intel Server Configuration Utility Software Installer Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html
Intel Server Configuration Utility Softwareに権限昇格の脆弱性
INTEL-SA-00941: Intel XTU Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html
Intel Extreme Tuning Utility (XTU) Softwareに権限昇格の脆弱性
INTEL-SA-00943: Intel Simics Simulator Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html
Intel Simics Simulator Softwareに権限昇格の脆弱性
INTEL-SA-00944: Intel Connectivity Performance Suite Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00944.html
一部のIntel製ワイヤレス製品のIntel Connectivity Performance Suite Softwareに情報漏えいの脆弱性
INTEL-SA-00945: Intel QAT Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html
Linux用 Intel QAT ソフトウェアに権限昇格、サービス運用妨害(DoS)の脆弱性
INTEL-SA-00950: 2023.4 IPU - Intel Processor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
複数のIntelプロセッサーに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00952: Intel Arc RGB Controller Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00952.html
Intel Arc RGB Controller Softwareに権限昇格の脆弱性
INTEL-SA-00957: Intel FPGA Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00957.html
Intel FPGA Firmwareに情報漏えいの脆弱性
INTEL-SA-00961: Intel Rapid Storage Technology Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00961.html
Intel Rapid Storage Technology Softwareに権限昇格の脆弱性
INTEL-SA-00963: Intel Unison Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html
Intel Unison Softwareに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00968: Intel In-Band Manageability Software Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00968.html
Intel In-Band Manageability Softwareに権限昇格の脆弱性
INTEL-SA-00971: Intel Core Processors with Radeon RX Vega M Graphics Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html
Radeon RX Vega M Graphicsを搭載したIntel Core Processorsに権限昇格、サービス運用妨害(DoS)および情報漏えいの脆弱性
INTEL-SA-00976: Intel Support Android App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html
Intel Support Android Appに情報漏えいの脆弱性
INTEL-SA-01001: Intel NUC Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html
Intel NUC Firmwareに権限昇格および情報漏えいの脆弱性
CyberNewsFlashは、注意喚起とは異なり、発行時点では注意喚起の基準に満たない脆弱性の情報やセキュリティアップデート予告なども含まれます。今回の件を含め、提供いただける情報がありましたら、JPCERT/CCまでご連絡ください。
一般社団法人JPCERTコーディネーションセンター(JPCERT/CC)
早期警戒グループ
Email:ew-info@jpcert.or.jp