Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module
upstart writes in with an IRC submission for Bytram:
Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module:
Intel has stomped out high-severity flaws in its Next Unit Computing (NUC) mini PC firmware, and in its Modular Server MFS2600KISPP Compute Module.
Overall, Intel addressed nine vulnerabilities across six products in its April security update - two of those being high-severity, and the rest being medium-severity. If exploited, the flaws could allow attackers to escalate privileges or launch denial-of-service (DoS) attacks.
One of the high-severity flaws stems from a compute module (MFS2600KISPP) used in Intel's modular server system, which is a blade system for Intel motherboards and processors first introduced in 2008. The vulnerability stems from an improper conditions check, which could allow an unauthenticated user to potentially enable escalation of privilege (via adjacent access). The flaw (CVE-2020-0578) ranks 7.1 out of 10 on the CVSS severity scale.
In addition to this flaw, two medium-severity flaws were also discovered in the same compute module: A buffer overflow (CVE-2020-0576) vulnerability that could allow an unauthenticated attacker to launch a DoS attack (via adjacent access); and an insufficient control flow glitch (CVE-2020-0577) that allows an unauthenticated user to potentially escalate privileges via adjacent access.
All versions of the MFS2600KISPP compute module are affected, but Intel said that it is not releasing security updates to mitigate the bugs - instead, it will discontinue the MFS2600KISPP compute module entirely.
"Intel has issued a product-discontinuation notice for Intel Modular Server MFS2600KISPP Compute Module and recommends that users of the Intel Modular Server MFS2600KISPP Compute Module to discontinue use at their earliest convenience," according to Intel's advisory.
Previously:
High-Severity Flaws Plague Intel Graphics Drivers
Read more of this story at SoylentNews.