Intel has published nearly 2 dozens of advisories as a part of patch tuesday covering more than 50 vulnerabilities affecting numerous products.
Seven advisories that were released relates to high-severity privilege escalation flaws including one in the BIOS firmware of some Intel processors, one in XMM 7560 Modem software, a dozen in NUC BIOS firmware, three in chipset firmware, one in Data Center Manager software, two in Server Boards and Server Systems, and one impacting the Active Management Technology SDK, Endpoint Management Assistant and Manageability Commander.
Two of high-severity vulnerabilities in chipset firmware can be exploited for denial-of-service attacks.
One of the high-severity bugs, tracked as CVE-2021-33164 affects BIOS firmware for some Intel NUCs and it can be exploited as a elevation of privilege.
A type of attack dubbed RingHopper can allow a threat actor to bypass security mechanisms, steal sensitive information, install bootkits, or brick the targeted system. Products from Dell, Insyde and possibly others are also impacted.
Intel also fixed Medium and low severity vulnerabilities in PROSet/Wireless WiFi, VTune Profiler, Quartus Prime, OpenVINO toolkit, PresentMon, Advanced Link Analyzer, Server Debug and Provisioning, NUC Kit Wireless Adapter driver installer, Support Android application, WLAN Authentication and Privacy Infrastructure Security, EMA, and the SGX SDK.
Glorp and System Studio that reached EOL/EOS are also affected by medium-severity flaws, for which patches won’t be released.