Today we are releasing 6 Security Advisories as part of our regular monthly update process. The bulk of the issues being addressed were reported through our Bug Bounty Program.
Among our updates this month is an internally found issue in Intel® CSME that could potentially allow information disclosure via local access. Intel has worked with industry partners to integrate the mitigations for this issue into their products ahead of public disclosure, and we recommend customers download the update from their system provider as soon as possible.
Click HERE for a list of computer manufacturer support sites.
The table below is the full list of new advisories this month. We recommend customers review these advisories to assess impact in their environment and apply the mitigations. At this time, we are not aware of any of these issues being exploited in the wild.
|Security Advisory ID||Title||CVE’s||CVSS|
|INTEL-SA-00307||Intel® CSME Advisory||CVE-2019-14598||8.2|
|INTEL-SA-00273||Intel® Renesas Electronics® USB 3.0 Driver Advisory||CVE-2020-0560||6.7|
|INTEL-SA-00339||Intel® RWC2 Advisory||CVE-2020-0562||6.7|
|INTEL-SA-00340||Intel® MPSS Advisory||CVE-2020-0563||6.7|
|INTEL-SA-00341||Intel® RWC3 Advisory||CVE-2020-0564||6.7|
|INTEL-SA-00336||Intel® SGX SDK Advisory||CVE-2020-0561||2.5|
For a full list of Intel security advisories, go to: www.intel.com/security.
Our next regularly scheduled security advisory release is March 10, 2020. Please check back here at that time for another update.
Director of Communications
Intel Product Assurance and Security