Intel posted two security advisories for its Easy Streaming Wizard (CVE-2019-11166) and Data Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA).
A potential escalation of privileges vulnerability, rated as a medium threat, exists with Easy Streaming Wizard on versions before 2.1.0731 due to improper file permissions in the installer.
Intel plans on issuing a software update to fix the issue.
The low-rated CVE-2019-11184 affects Intel Xeon E5, E7 and SP families that support DDIO and RDMA. The vulnerability is due to a race condition in specific microprocessors using Intel DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.
There is no patch for this condition, but Intel is recommending that where DDIO & RDMA are enabled, admins should limit direct access from untrusted networks and the use of software modules resistant to timing attacks, using constant-time style code.
This article was originally published on SC Media US.