Intel

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may

CVE-2022-21125 5.5 - Medium - June 15, 2022

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient Cleanup

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may

CVE-2022-21127 5.5 - Medium - June 15, 2022

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient Cleanup

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may

CVE-2022-21123 5.5 - Medium - June 15, 2022

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient Cleanup

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may

CVE-2021-33135 5.5 - Medium - May 12, 2022

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.

Resource Exhaustion

Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may

CVE-2022-21128 7.8 - High - May 12, 2022

Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Privilege Management

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may

CVE-2022-22139 7.3 - High - May 12, 2022

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may

CVE-2021-33108 6.7 - Medium - May 12, 2022

Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Improper Input Validation

Improper input validation for the Intel(R) Manageability Commander before version 2.2 may

CVE-2021-0126 8 - High - May 12, 2022

Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Improper Input Validation

Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may

CVE-2021-0194 7.2 - High - May 12, 2022

Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.

authentification

Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may

CVE-2021-26258 7.8 - High - May 12, 2022

Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access.

AuthZ

Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege

CVE-2021-33150 6.8 - Medium - March 11, 2022

Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may

CVE-2022-0001 6.5 - Medium - March 11, 2022

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may

CVE-2022-0002 6.5 - Medium - March 11, 2022

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Improper access control in the firmware for some Intel(R) Processors may

CVE-2021-0091 7.8 - High - February 09, 2022

Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.

Improper Privilege Management

Improper access control in the firmware for some Intel(R) Processors may

CVE-2021-0092 4.4 - Medium - February 09, 2022

Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

Resource Exhaustion

Incorrect default permissions in the firmware for some Intel(R) Processors may

CVE-2021-0093 4.4 - Medium - February 09, 2022

Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

Incorrect Default Permissions

Insufficient control flow management in the firmware for some Intel(R) Processors may

CVE-2021-0099 7.8 - High - February 09, 2022

Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

Improper Privilege Management

Insufficient control flow management in the firmware for some Intel(R) Processors may

CVE-2021-0103 6.7 - Medium - February 09, 2022

Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

Improper Privilege Management

Unchecked return value in the firmware for some Intel(R) Processors may

CVE-2021-0107 6.7 - Medium - February 09, 2022

Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Unchecked Return Value

NULL pointer dereference in the firmware for some Intel(R) Processors may

CVE-2021-0111 6.7 - Medium - February 09, 2022

NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

NULL Pointer Dereference

Buffer overflow in the firmware for some Intel(R) Processors may

CVE-2021-0115 6.7 - Medium - February 09, 2022

Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Classic Buffer Overflow

Improper access control in the Intel(R) Capital Global Summit Android application may

CVE-2022-21153 5.5 - Medium - February 09, 2022

Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access.

AuthZ

Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may

CVE-2022-21157 5.5 - Medium - February 09, 2022

Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access.

AuthZ

Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may

CVE-2022-21174 7.8 - High - February 09, 2022

Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

AuthZ

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may

CVE-2021-33107 4.6 - Medium - February 09, 2022

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Insufficiently Protected Credentials

Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may

CVE-2021-44454 7.8 - High - February 09, 2022

Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Input Validation

Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may

CVE-2022-21203 7.8 - High - February 09, 2022

Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Preservation of Permissions

Insufficient control flow management in some Intel(R) Processors may

CVE-2021-0127 5.5 - Medium - February 09, 2022

Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.

Improper initialization of shared resources in some Intel(R) Processors may

CVE-2021-0145 5.5 - Medium - February 09, 2022

Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Improper Initialization

Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may

CVE-2021-0147 4.4 - Medium - February 09, 2022

Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access.

Improper Synchronization

Out-of-bounds write in the Intel(R) Kernelflinger project may

CVE-2021-33137 7.8 - High - February 09, 2022

Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access.

Memory Corruption

Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may

CVE-2022-21204 7.8 - High - February 09, 2022

Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may

CVE-2022-21205 7.5 - High - February 09, 2022

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.

XXE

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may

CVE-2022-21220 7.8 - High - February 09, 2022

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

XXE

Improper access control in the Intel(R) Advisor software before version 2021.2 may

CVE-2021-23152 7.8 - High - February 09, 2022

Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

AuthZ

Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may

CVE-2021-33068 6.5 - Medium - February 09, 2022

Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.

NULL Pointer Dereference

Uncontrolled search path in the Intel(R) GPA software before version 21.2 may

CVE-2021-33101 7.8 - High - February 09, 2022

Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may

CVE-2021-33119 5.5 - Medium - February 09, 2022

Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access.

AuthZ

Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may

CVE-2021-33129 7.8 - High - February 09, 2022

Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may

CVE-2022-21218 5.5 - Medium - February 09, 2022

Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access.

Improper Handling of Exceptional Conditions

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may

CVE-2022-21226 5.5 - Medium - February 09, 2022

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access.

Out-of-bounds Read

Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may

CVE-2021-33147 5.5 - Medium - February 09, 2022

Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access.

Improper Check for Unusual or Exceptional Conditions

Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may

CVE-2021-33166 5.5 - Medium - February 09, 2022

Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access.

Incorrect Default Permissions

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may

CVE-2022-21133 5.5 - Medium - February 09, 2022

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.

Out-of-bounds Read

Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may

CVE-2022-21156 5.5 - Medium - February 09, 2022

Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.

Access of Uninitialized Pointer

An issue was discovered in the DNS proxy in Connman through 1.40

CVE-2022-23096 9.1 - Critical - January 28, 2022

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.

Out-of-bounds Read

An issue was discovered in the DNS proxy in Connman through 1.40

CVE-2022-23098 7.5 - High - January 28, 2022

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

Infinite Loop

An issue was discovered in the DNS proxy in Connman through 1.40

CVE-2022-23097 9.1 - Critical - January 28, 2022

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

Out-of-bounds Read

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations

CVE-2021-45046 9 - Critical - December 14, 2021

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Marshaling, Unmarshaling

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2

CVE-2021-44228 10 - Critical - December 10, 2021

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Marshaling, Unmarshaling

Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may

CVE-2021-33059 6.7 - Medium - November 17, 2021

Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access.

Improper Input Validation

Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may

CVE-2021-33062 7.8 - High - November 17, 2021

Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may

CVE-2021-33071 7.8 - High - November 17, 2021

Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may

CVE-2021-0135 6.7 - Medium - November 17, 2021

Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

Improper Input Validation

Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may

CVE-2020-8741 7.8 - High - November 17, 2021

Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Improper input validation for Intel(R) EMA before version 1.5.0 may

CVE-2021-0013 7.5 - High - November 17, 2021

Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access.

Improper Input Validation

Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may

CVE-2021-0186 6.7 - Medium - November 17, 2021

Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access.

Improper Input Validation

Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may

CVE-2021-33118 7.8 - High - November 17, 2021

Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

AuthZ

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may

CVE-2021-0157 6.7 - Medium - November 17, 2021

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Improper input validation in the BIOS firmware for some Intel(R) Processors may

CVE-2021-0158 6.7 - Medium - November 17, 2021

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Improper Input Validation

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may

CVE-2021-0180 8.4 - High - November 17, 2021

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.

Resource Exhaustion

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may

CVE-2021-0182 6.2 - Medium - November 17, 2021

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

Resource Exhaustion

Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINO⢠Toolkit before version 2021.4 may

CVE-2021-33073 5.5 - Medium - November 17, 2021

Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINO⢠Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access.

Resource Exhaustion

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may

CVE-2021-33097 6.6 - Medium - November 17, 2021

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access.

TOCTTOU

Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may

CVE-2021-33058 7.8 - High - November 17, 2021

Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access.

AuthZ

Integer overflow in the Safestring library maintained by Intel(R) may

CVE-2021-33106 7.8 - High - November 17, 2021

Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

Integer Overflow or Wraparound

Unchecked return value in the firmware for some Intel(R) Processors may

CVE-2021-0114 6.7 - Medium - August 16, 2021

Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

Insecure Default Initialization of Resource

Insecure default variable initialization for the Intel BSSA DFT feature may

CVE-2021-0144 6.7 - Medium - July 14, 2021

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.

Insecure Default Initialization of Resource

Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may

CVE-2021-0143 7.8 - High - June 17, 2021

Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may

CVE-2021-0094 7.8 - High - June 09, 2021

Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.

insecure temporary file

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may

CVE-2021-0098 7.8 - High - June 09, 2021

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Improper Privilege Management

Incomplete cleanup in some Intel(R) VT-d products may

CVE-2020-24489 8.8 - High - June 09, 2021

Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

Insufficient Cleanup

Observable response discrepancy in floating-point operations for some Intel(R) Processors may

CVE-2021-0086 6.5 - Medium - June 09, 2021

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Side Channel Attack

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may

CVE-2021-0102 7.8 - High - June 09, 2021

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Incorrect Permission Assignment for Critical Resource

Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may

CVE-2021-0108 7.3 - High - June 09, 2021

Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

DLL preloading

Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may

CVE-2021-0001 4.7 - Medium - June 09, 2021

Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.

Side Channel Attack

Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may

CVE-2021-0077 7.8 - High - June 09, 2021

Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Permission Assignment for Critical Resource

Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may

CVE-2021-0104 7.8 - High - June 09, 2021

Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may

CVE-2021-0052 7.8 - High - June 09, 2021

Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Improper Privilege Management

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may

CVE-2021-0074 7.8 - High - June 09, 2021

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Preservation of Permissions

Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may

CVE-2021-0073 7.8 - High - June 09, 2021

Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may

CVE-2021-0090 7.3 - High - June 09, 2021

Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.

DLL preloading

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may

CVE-2021-0112 7.3 - High - June 09, 2021

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Unquoted Search Path or Element

Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may

CVE-2021-0100 7.8 - High - June 09, 2021

Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may

CVE-2020-8704 6.4 - Medium - June 09, 2021

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Race Condition

Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may

CVE-2020-24509 6.7 - Medium - June 09, 2021

Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may

CVE-2020-8702 7.3 - High - June 09, 2021

Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Observable timing discrepancy in some Intel(R) Processors may

CVE-2020-24512 3.3 - Low - June 09, 2021

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Side Channel Attack

Improper isolation of shared resources in some Intel(R) Processors may

CVE-2020-24511 6.5 - Medium - June 09, 2021

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Exposure of Resource to Wrong Sphere

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may

CVE-2020-24513 6.5 - Medium - June 09, 2021

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c

CVE-2021-33833 9.8 - Critical - June 09, 2021

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).

Memory Corruption

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data

CVE-2021-26314 5.5 - Medium - June 09, 2021

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Exposure of Resource to Wrong Sphere

Potential speculative code store bypass in all supported CPU products

CVE-2021-26313 5.5 - Medium - June 09, 2021

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Exposure of Resource to Wrong Sphere

Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may

CVE-2020-24485 7.8 - High - February 17, 2021

Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may

CVE-2020-24480 4.4 - Medium - February 17, 2021

Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.

Memory Corruption

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

CVE-2021-26675 8.8 - High - February 09, 2021

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

Memory Corruption

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information

CVE-2021-26676 6.5 - Medium - February 09, 2021

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may

CVE-2020-12338 9.8 - Critical - November 13, 2020

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may

CVE-2020-12327 4.4 - Medium - November 12, 2020

Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.

Insecure Default Initialization of Resource

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may

CVE-2020-8669 6.5 - Medium - November 12, 2020

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

Improper Input Validation