2022年8月9日(現地時間)、Intelから複数のセキュリティアドバイザリが公開されました。影響を受ける製品やバージョンについての詳細は、Intelのアドバイザリを参照いただき、影響範囲の確認と対策をご検討ください。
なお、アドバイザリのうちINTEL-SA-00694では、Intelが開発するOpen AMT Cloud Toolkitにおける認証バイパスの脆弱性(CVE-2022-25899)に関する情報が公開されています。脆弱性の深刻度はCriticalで、悪用されると認証されていないユーザーが権限を昇格する可能性があります。CVSS v3.1の評価値は9.9とされています。
INTEL-SA-00593: Intel Ethernet Controllers and Adapters Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00593.html
Intel Ethernet Controllersrおよびアダプターにサービス運用妨害(DoS)の脆弱性
INTEL-SA-00596: Intel Connect M Android App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00596.html
Intel Connect M Android Appに情報漏えいの脆弱性
INTEL-SA-00621: Intel PROSet/Wireless WiFi and Killer WiFi Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
一部のIntel PROSet/Wireless WiFiとKiller WiFi製品に権限昇格などの脆弱性
INTEL-SA-00628: Intel Wireless Bluetooth and Killer Bluetooth Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00628.html
一部のIntel Wireless BluetoothとKiller Bluetooth製品に権限昇格などの脆弱性
INTEL-SA-00650: Intel Ethernet VMware Drivers Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00650.html
一部のIntel Ethernet VMware Driversにサービス運用妨害(DoS)の脆弱性
INTEL-SA-00653: Intel Edge Insights for Industrial Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00653.html
Intel Edge Insights for Industrialに権限昇格などの脆弱性
INTEL-SA-00655: Intel HAXM Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00655.html
Intel HAXMに権限昇格の脆弱性
INTEL-SA-00657: 2022.2 IPU - Intel Processor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
一部のIntel Processorに情報漏えいの脆弱性
INTEL-SA-00658: Intel VTune Profiler Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00658.html
Intel VTune Profilerに権限昇格の脆弱性
INTEL-SA-00660: Intel Support Android App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00660.html
Intel Support Android applicationに情報漏えいの脆弱性
INTEL-SA-00662: Intel Data Center Manager Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00662.html
Intel Data Center Managerに権限昇格などの脆弱性
INTEL-SA-00665: Intel NUC 9 Extreme Laptop Kit Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00665.html
一部のIntel NUC 9 Extreme Laptop Kitに権限昇格の脆弱性
INTEL-SA-00667: Intel IPP Cryptography Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html
Intel Integrated Performance Primitives Cryptography software libraryに情報漏えいの脆弱性
INTEL-SA-00668: Intel RST Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00668.html
Intel Rapid Storage Technology softwareに権限昇格の脆弱性
INTEL-SA-00669: 2022.2 IPU - Intel Chipset Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00669.html
Intel Server Platform Services firmwareにサービス運用妨害(DoS)の脆弱性
INTEL-SA-00672: Intel Enpirion Digital Power Configurator GUI Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00672.html
Intel Enpirion Digital Power Configurator GUI softwareに権限昇格の脆弱性
INTEL-SA-00678: Intel Datacenter Group Event Android App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00678.html
Intel Datacenter Group Event Android applicationに権限昇格の脆弱性
INTEL-SA-00679: Intel DSA Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00679.html
Intel Driver & Support Assistant softwareに権限昇格の脆弱性
INTEL-SA-00684: Intel Distribution for Python Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00684.html
Intel Distribution for Pythonに権限昇格の脆弱性
INTEL-SA-00686: 2022.2 IPU – BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html
一部のIntel ProcessorのBIOS firmwareに権限昇格の脆弱性
INTEL-SA-00694: Open AMT Cloud Toolkit Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00694.html
Open AMT Cloud Toolkit softwareに権限昇格の脆弱性
INTEL-SA-00701: Intel SEAPI Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00701.html
Intel Single Event API softwareに権限昇格の脆弱性
INTEL-SA-00703: Intel Datacenter Group Event App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.html
Intel Datacenter Group Event iOS applicationに情報漏えいの脆弱性
INTEL-SA-00705: Intel Team Blue App Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00705.html
Intel Team Blue mobile applicationに情報漏えいの脆弱性
INTEL-SA-00706: Intel Processor Post-barrier RSB Predictions Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
一部のIntel Processorに情報漏えいの脆弱性
INTEL-SA-00709: Intel AMT and Intel Standard Manageability Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html
Intel Active Management TechnologyとIntel Standard Manageabilityに権限昇格などの脆弱性
INTEL-SA-00712: Intel NUC Laptop Kit Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html
一部のIntel NUC Laptop Kitsに権限昇格の脆弱性
Intel Corporation
Intel Product Security Center Advisories
https://www.intel.com/content/www/us/en/security-center/default.html
CyberNewsFlashは、注意喚起とは異なり、発行時点では注意喚起の基準に満たない脆弱性の情報やセキュリティアップデート予告なども含まれます。今回の件を含め、提供いただける情報がありましたら、JPCERT/CCまでご連絡ください。
一般社団法人JPCERTコーディネーションセンター(JPCERT/CC)
早期警戒グループ
Email:ew-info@jpcert.or.jp