Intel修复多个漏洞风险通告
发布时间 2020-01-16漏洞编号和级别
CVE编号:CVE-2019-14613,危险级别:高危,CVSS分值:厂商自评:8.2,官方未评定
CVE编号:CVE-2019-14601,危险级别:中危,CVSS分值:厂商自评:6.7,官方未评定
CVE编号:CVE-2019-14600,危险级别:中危,CVSS分值:厂商自评:6.5,官方未评定
CVE编号:CVE-2019-14615,危险级别:中危,CVSS分值:厂商自评:6.3,官方未评定
CVE编号:CVE-2019-14596,危险级别:中危,CVSS分值:厂商自评:5.9,官方未评定
CVE编号:CVE-2019-14629,危险级别:低危,CVSS分值:厂商自评:3.9,官方未评定
影响版本
CVE-2019-14613
Intel® VTune™ Amplifier for Windows* before update 8.
CVE-2019-14601
Intel® RWC 3 for Windows* before version 7.010.009.000.
CVE-2019-14600
Intel® SNMP Subagent Stand-Alone Advisory for Windows* all versions.
CVE-2019-14615
3rd Generation Intel® Core™ Processors *
4th Generation Intel® Core™ Processors *
6th Generation Intel® Core™ Processors
7th Generation Intel® Core™ Processors
8th Generation Intel® Core™ Processors
9th Generation Intel® Core™ Processors
10th Generation Intel® Core™ Processors
Intel® Xeon® Processor E3 v2 Family *
Intel® Xeon® Processor E3 v3 Family *
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E-2100 Family
Intel® Xeon® Processor E-2200 Family
Intel® Pentium® Processor A1000 Series *
Intel® Pentium® Processor 2000 Series *
Intel® Pentium® Processor 3500 Series *
Intel® Pentium® Processor 4000 Series
Intel® Pentium® Processor G2000 Series *
Intel® Pentium® Processor G3000 Series *
Intel® Pentium® Processor G4000 Series
Intel® Pentium® Processor J2000 Series *
Intel® Pentium® Processor J3000 Series
Intel® Pentium® Processor J4000 Series
Intel® Pentium® Processor N3500 Series *
Intel® Pentium® Processor N3700 Series
Intel® Pentium® Processor N4000 Series
Intel® Pentium® Processor Silver Series
Intel® Pentium® Processor Gold Series
Intel® Celeron® Processor 927UE *
Intel® Celeron® Processor 1000 Series *
Intel® Celeron® Processor 2000 Series
Intel® Celeron® Processor 3800 Series
Intel® Celeron® Processor 3900 Series
Intel® Celeron® Processor 4000 Series
Intel® Celeron® Processor 5000 Series
Intel® Celeron® Processor G1000 Series *
Intel® Celeron® Processor G3000 Series
Intel® Celeron® Processor G4000 Series
Intel® Celeron® Processor J1000 Series *
Intel® Celeron® Processor J3000 Series
Intel® Celeron® Processor J4000 Series
Intel® Celeron® Processor N2000 Series *
Intel® Celeron® Processor N3000 Series
Intel® Celeron® Processor N4000 Series
Intel® Celeron® Processor G3900 Series
Intel® Celeron® Processor G4900 Series
Intel® Atom® Processor A Series
Intel® Atom® Processor E Series *
Intel® Atom® Processor X Series
Intel® Atom® Processor Z Series *
CVE-2019-14596
Intel® Chipset Device Software INF Utility before version 10.1.18
CVE-2019-14629
Intel® DAAL before version 2020 Gold.
漏洞概述
Intel为2020年1月补丁日修复的六个安全漏洞发布了六个安全通告,尽管Intel表示没有证据显示这些漏洞已经被野外利用,但建议用户尽快安装更新。其中有两个漏洞值得注意:编号为CVE-2019-14613的第一个漏洞影响Windows版的Intel VTune Amplifier,该漏洞可能允许本地攻击者提升自己的权限;编号为CVE-2019-14615的第二个漏洞影响各种处理器(包括最新的第十代Ice Lake处理器)上的Windows和Linux图形驱动程序,该漏洞可能导致信息泄露。
漏洞验证
暂无POC/EXP。
修复建议
Intel已发布更新,下载链接见参考链接。
参考链接
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00325.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00308.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00300.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00332.html
京公网安备11010802024551号