影響を受ける製品やバージョン
【外部リンク】
https://jvn.jp/vu/JVNVU92328381/
JVNVU#92328381
Intel 製品に複数の脆弱性
概要
Intel から各製品向けのアップデートが公開されました。
影響を受けるシステム
影響を受ける製品やバージョンは環境により異なります。詳細については各アドバイザリを参照してください。
INTEL-SA-00204: Intel PROSet/Wireless WiFi Software Advisory
Intel PROSet/Wireless WiFi Software
20.100 およびそれ以前のバージョン
INTEL-SA-00213: Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory
Intel Server Platform Services (SPS)
SPS_E5_04.00.04.381.0 より前のバージョン
SPS_E3_04.01.04.054.0 より前のバージョン
SPS_E3_05.00.04.027.0 より前のバージョン
SPS_SoC-A_04.00.04.181.0 より前のバージョン
SPS_SoC-X_04.00.04.086.0 より前のバージョン
Intel Converged Security & Management Engine (CSME), Intel Active Management Technology (AMT), Intel Dynamic Application Loader (DAL)
11.8.65 より前のバージョン
11.11.65 より前のバージョン
11.22.65 より前のバージョン
12.0.35 より前のバージョン
Intel Trusted Execution Engine Interface (TXE)
3.1.65 より前のバージョン
4.0.15 より前のバージョン
INTEL-SA-00218: Intel® Graphics Driver for Windows* 2019.1 QSR Advisory
Graphics Driver for Windows version 10.18.14.5067 (aka 15.36.x.5067) より前および version 10.18.10.5069 (aka 15.33.x.5069) より前を搭載している、以下のプロセッサを使用したシステム
Windows 7 および Windows 8.1 を実行している 4th Generation Intel Core / Pentium / Xeon (E3 v3 only) Processor (Haswell)
3rd Generation Intel Core / Pentium / Xeon (E3 v3 only) Processor (Ivybridge)
Intel Pentium / Celeron / Atom Processor (Baytrail)
INTEL-SA-00223: 2019.1 QSR UEFI Advisory
以下のプロセッサ向けfirmware
Intel Xeon Processor D Family
Intel Xeon Scalable Processor
Intel Server Board
Intel Server System
Intel Compute Module
Intel Pentium Processor J Series
Intel Pentium Processor N Series
Intel Celeron J Series
Intel Celeron N Series
Intel Atom Processor A Series
Intel Atom Processor E3900 Series
Intel Pentium Processor Silver Series
INTEL-SA-00228: Intel Unite Client Advisory
Intel Unite Client
3.3.176.13 より前のバージョン
INTEL-SA-00233: Microarchitectural Data Sampling Advisory
Intel が提供しているこちらのリストを参照してください。
Intel から提供されているレポート
INTEL-SA-00234: Intel® SCS Discovery Utility and Intel® ACU Wizard Advisory
Intel SCS Discovery Utility: SCS_download_package
12.0.0.129 およびそれ以前のバージョン
Intel ACU Wizard: Configurator_download_package
12.0.0.129 およびそれ以前のバージョン
INTEL-SA-00244: Intel® Quartus® Software Advisory
Intel Quartus Prime
15.1 から 18.1 までのバージョン
Intel Quartus II
9.1 から 15.0 までのバージョン
INTEL-SA-00245: Intel Unite® Client for Android* Advisory
Intel Unite Client for Android
4.0 より前のバージョン
INTEL-SA-00249: Intel® i915 Graphics for Linux Advisory
Intel i915 Graphics for Linux
5.0 より前のバージョン
INTEL-SA-00251: Intel® NUC Advisory
Intel NUC Kit NUC8i7HNK
Intel NUC Kit NUC8i7HVK
Intel NUC Kit NUC7i7DNHE
Intel NUC Kit NUC7i7DNKE
Intel NUC Kit NUC7i5DNHE
Intel NUC Kit NUC7i5DNHE
Intel NUC Board NUC7i7DNBE
INTEL-SA-00252: Intel® Driver & Support Assistant Advisory
Intel Driver & Support Assistant
19.3.12.3 およびそれ以前のバージョン
詳細情報
Intel から各製品向けのアップデートが公開されました。
想定される影響
権限昇格
INTEL-SA-00204
CVE-2018-3701
INTEL-SA-00213
CVE-2019-0086
CVE-2019-0089
CVE-2019-0090
CVE-2019-0091
CVE-2019-0092
CVE-2019-0096
CVE-2019-0098
CVE-2019-0099
CVE-2019-0153
CVE-2019-0170
INTEL-SA-00223
CVE-2019-0119
CVE-2019-0126
INTEL-SA-00234
CVE-2019-0138
CVE-2019-11093
INTEL-SA-00244
CVE-2019-0171
INTEL-SA-00245
CVE-2019-0172
INTEL-SA-00249
CVE-2019-11085
INTEL-SA-00251
CVE-2019-11094
情報漏えい
INTEL-SA-00213
CVE-2019-0093
INTEL-SA-00223
CVE-2019-0119
INTEL-SA-00233
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-11091
INTEL-SA-00251
CVE-2019-11094
INTEL-SA-00252
CVE-2019-11095
サービス運用妨害 (DoS) 攻撃
INTEL-SA-00213
CVE-2019-0094
CVE-2019-0097
INTEL-SA-00218
CVE-2019-0113
CVE-2019-0114
CVE-2019-0115
CVE-2019-0116
INTEL-SA-00223
CVE-2019-0119
CVE-2019-0120
CVE-2019-0126
INTEL-SA-00228
CVE-2019-0132
INTEL-SA-00251
CVE-2019-11094
INTEL-SA-00252
CVE-2019-11114
対策方法
Intel および各ハードウェアベンダが提供する情報をもとに最新版へアップデートしてください。
ベンダ情報
ベンダ リンク
Intel [INTEL-SA-00204] Intel® PROSet/Wireless WiFi Software Advisory
[INTEL-SA-00213] Intel® CSME, SPS, TXE, DAL, and AMT 2019.1 QSR Advisory
[INTEL-SA-00218] Intel® Graphics Driver for Windows 2019.1 QSR Advisory
[INTEL-SA-00223] Intel® 2019.1 QSR UEFI Advisory
[INTEL-SA-00228] Intel® Intel Unite® Client Advisory
[INTEL-SA-00233] Intel® Microarchitectural Data Sampling Advisory
[INTEL-SA-00234] Intel® SCS Discovery Utility and ACU Wizard Advisory
[INTEL-SA-00244] Intel® Quartus® Software Advisory
[INTEL-SA-00245] Intel® Intel Unite® Client for Android Advisory
[INTEL-SA-00249] Intel® i915 Graphics for Linux Advisory
[INTEL-SA-00251] Intel® NUC Advisory
[INTEL-SA-00252] Intel® Driver & Support Assistant Advisory
参考情報
Side Channel Vulnerability Microarchitectural Data Sampling
RIDL: Rogue In-Flight Data Load
Fallout: Reading Kernel Writes From User Space
ZombieLoad Attack
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Intel 製品に複数の脆弱性
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
https://www.intel.com/content/www/us/en/support/articles/000005634/network-and-i-o/wireless-networking.html
Package Version1 Supported Adapters
21.0.0
(Latest) Intel® Wireless-AC 95602
Intel® Wireless-AC 94622
Intel® Wireless-AC 94612
Intel® Wireless-AC 92602
Intel® Dual Band Wireless-AC 82652
Intel® Dual Band Wireless-AC 82602
Intel® Dual Band Wireless-AC 3168
Intel® Wireless 7265 Family
Intel® Dual Band Wireless-AC 3165
Intel® Wireless 7260 Family
Intel® Dual Band Wireless-AC 3160
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
2019.1 QSR UEFI Advisory
Summary:
Multiple potential security vulnerabilities in Intel® Unified Extensible Firmware Interface (UEFI) may allow escalation of privilege and/or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
Vulnerability Details:
CVEID: CVE-2019-0119
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Microarchitectural Data Sampling Advisory
Summary:
A potential security vulnerability in CPUs may allow information disclosure. Intel is releasing Microcode Updates (MCU) updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID: CVE-2018-12126
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Intel® i915 Graphics for Linux Advisory
Summary:
A potential security vulnerability in Intel® i915 Graphics for Linux may allow escalation of privilege. Intel is releasing a Linux Kernel Mode Driver updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID: CVE-2019-11085
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Intel® NUC Advisory
Summary:
A potential security vulnerability in system firmware for Intel® NUC may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID: CVE-2019-11094
Description: Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
Affected Product
Updated Firmware
Intel® NUC Kit NUC8i7HNK
BIOS version 0054 or later
Intel® NUC Kit NUC8i7HVK
BIOS version 0054 or later
Intel® NUC Kit NUC7i7DNHE
BIOS version 0062 or later
Intel® NUC Kit NUC7i7DNKE
BIOS version 0062 or later
Intel® NUC Kit NUC7i5DNHE
BIOS version 0062 or later
Intel® NUC Kit NUC7i5DNHE
BIOS version 0062 or later
Intel® NUC Board NUC7i7DNBE
BIOS version 0062 or later
Recommendations:
Intel recommends that users update to the latest firmware version (see provided table).
Acknowledgements:
Intel would like to thank Alexander Ermolov for reporting this issue.
Intel, and nearly the entire
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Overview
On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS).
https://mdsattacks.com/files/ridl.pdf
https://mdsattacks.com/files/fallout.pdf
https://zombieloadattack.com/
