Intel releases medium and low-rated security advisories

News by Doug Olenick

Intel posts two security advisories for its Easy Streaming Wizard, Data Direct I/O Technology and Remote Direct Memory Access

Intel posted two security advisories for its Easy Streaming Wizard (CVE-2019-11166) and Data Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA).

A potential escalation of privileges vulnerability, rated as a medium threat, exists with Easy Streaming Wizard on versions before 2.1.0731 due to improper file permissions in the installer.

Intel plans on issuing a software update to fix the issue.

The low-rated CVE-2019-11184 affects Intel Xeon E5, E7 and SP families that support DDIO and RDMA. The vulnerability is due to a race condition in specific microprocessors using Intel DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

There is no patch for this condition, but Intel is recommending that where DDIO & RDMA are enabled, admins should limit direct access from untrusted networks and the use of software modules resistant to timing attacks, using constant-time style code.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews