Intel has issued a security advisory detailing over 20 vulnerabilities impacting its processors, urging users to update their systems promptly. The vulnerabilities primarily affect Intel’s UEFI firmware, which is used in a wide range of processors, including the Atom, Xeon, Pentium, Celeron, and Core series. These flaws can lead to severe consequences such as privilege escalation, denial of service, and information disclosure, posing significant security risks to affected systems. Intel’s advisory, released on September 10, 2024, warned users about the potential threats that unpatched systems could face.
Several of the vulnerabilities were rated “high” on the Common Vulnerability Scoring System (CVSS), indicating that they present substantial threats if not addressed. The issues vary in nature, with some stemming from improper input validation and others from race conditions in the firmware. Among the most concerning flaws is CVE-2024-23599, a race condition in Seamless Firmware Updates that could lead to a denial of service. Another critical vulnerability, CVE-2024-21871, results from improper input validation and could allow attackers to escalate privileges on the system.
The affected processors span multiple Intel product lines, including the Intel® Xeon® Processor D Family, the 10th to 13th Generation Intel® Core™ Processors, and Intel® Pentium® N series processors. The vulnerabilities could leave these systems exposed to various cyberattacks if left unpatched. Intel’s advisory follows its Coordinated Disclosure process, meaning the company only disclosed these vulnerabilities after patches or mitigations were made available. Users are strongly encouraged to reach out to their system manufacturers for firmware updates that address these issues.
Intel has acknowledged the important contributions of independent security researchers, such as Phoenix Technologies and Jeremy Boone, who played a vital role in identifying and reporting many of these vulnerabilities. Though no known exploits are currently in the wild, the evolving nature of cyber threats underscores the importance of promptly updating systems to safeguard against potential attacks. Both individual users and businesses relying on Intel processors should act quickly to mitigate these vulnerabilities and protect their systems.