Intel released its quarterly security report which included various security vulnerabilities in its products including their NUC motherboards, and firmware. The issues were divided into four groups.
Products with security vulnerabilities included in the report:
- Intel Media Software Development Kit – high severity
- Intel Graphics Performance Analyser for Linux – medium severity
- ‘some microprocessors’ – medium severity
- Intel NUC motherboards – high severity
The relatively lower severe issue again lies in the microprocessors division, which is out of reach of a normal user and is considerably less troublesome than Spectre or Meltdown, but it exploits the underlying Virtual Memory Mapping to potentially disclose information if a user is authenticated to the system.
Intel Graphics Performance Analyser for Linux exploit gives escalated privileges due to insufficient path checking during the installation process. The issue is rated as medium severity because it works only during the installation process of the software.
High above in the Intel’s severity ranking is a security flaw in its NUC Broadwell – U i5 motherboards prior to firmware version MYBDWi5v.86A, where an authenticated user can upgrade their privileges and perform DOS attacks on the system. This, as explained by Intel, occurs due to insufficient input validation in the system.
The other high severity flaw in Intel Media SDK was discovered internally by Intel and can be patched by upgrading to Intel Media SDK 2018 R2.1. However, the Virtual Memory Mapping issue can only be fixed by developers tweaking their software by resisting side channel attacks which means Intel won’t be able to fix the issue.