iTnews Asia
  • Home
  • News
  • Security

Intel patches dozens of bugs

Intel patches dozens of bugs

Baseboard management controller has authentication bypass.

By Richard Chirgwin on Feb 16, 2023 12:24PM

Intel has released a 25-strong collection of security advisories, including one for a critical vulnerability in its baseboard management controller (BMC) firmware.

Intel’s Integrated BMC and OpenBMC advisory covers five individual vulnerabilities including CVE-2021-39296, which Intel inherits from OpenBMC.

Crafted intelligent platform management interface (IPMI) messages allow an attacker to bypass authentication and obtain “full control of the system”.

Other BMC bugs include CVE-2022-35729, a denial-of-service via an out-of-bounds read in OpenBMC.

Among bugs rated as high risk, CVE-2022-25987 in Intel’s oneAPI toolkits offers network-based escalation of privilege for an unauthenticated attacker. 

The bug is described as an “improper handling of Unicode encoding in source code to be compiled by the Intel C++ Compiler Classic before version 2021.6 for Intel oneAPI Toolkits before version 2022.2”.

Some Atom and Xeon scalable processors may be subject to attack from an adjacent network in CVE-2022-21216, because of “insufficient granularity of access control”.

The company’s System Usage Report software is subject to a number of vulnerabilities that allow escalation of privilege and denial of service.

Another vulnerability has been found in Intel’s now-deprecated Software Guard eXtensions (SGX), as CVE-2022-33196.

Some memory controller configurations have incorrect default permissions allowing privilege escalation, but only via local access to a privileged user.

The full list of vulnerability disclosures is here.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
intel security vulnerability

Related Articles

  • How can the Agentic AI workspace remain secure for APAC organisations?
  • AI-fuelled attacks forcing enterprises to rethink security architecture
  • Malicious AI agents can severely disrupt APAC enterprises
  • A data-first AI strategy is critical to managing security threats in 2026
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

How can the Agentic AI workspace remain secure for APAC organisations?

How can the Agentic AI workspace remain secure for APAC organisations?

AI-fuelled attacks forcing enterprises to rethink security architecture

AI-fuelled attacks forcing enterprises to rethink security architecture

Malicious AI agents can severely disrupt APAC enterprises

Malicious AI agents can severely disrupt APAC enterprises

Identity is now the new cybersecurity battlefield

Identity is now the new cybersecurity battlefield

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.