Intel releases medium and low-rated security advisories

Original Post from SC Magazine
Author: Doug Olenick

Intel posted two security advisories for its Easy Streaming
Wizard (CVE-2019-11166) and Data Direct I/O Technology (DDIO) and Remote Direct
Memory Access (RDMA).

A potential escalation of privileges vulnerability, rated as
a medium threat, exists with Easy
Streaming Wizard
on versions before 2.1.0731 due to improper file
permissions in the installer.

Intel plans on issuing a software update to fix the issue.

The low-rated CVE-2019-11184
affects Intel Xeon E5, E7 and SP families that support DDIO and RDMA. The
vulnerability is due to a race condition in specific microprocessors using
Intel DDIO cache allocation and RDMA may allow an authenticated user to
potentially enable partial information disclosure via adjacent access.

There is no patch for this condition, but Intel is
recommending that where DDIO & RDMA are enabled, admins should limit direct
access from untrusted networks and the use of software modules resistant to
timing attacks, using constant-time style code.

Related Articles

The post Intel releases medium and low-rated security advisories appeared first on SC Media.


Go to Source
Author: Doug Olenick

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Appliance - Powered by TurnKey Linux