Intel fixes 73 vulnerabilities in June 2021 Platform Update

Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel’s Security Library and the BIOS firmware for Intel processors.

Intel detailed the security flaws in the 29 security advisories published today on its Product Security Center.

“Today we released 29 security advisories addressing 73 vulnerabilities. 40 of those, or 55%, were found internally through our own proactive security research,” Intel’s Director of Communications Jerry Bryant said.

Intel provides a list of impacted products and recommendations for vulnerable products at the end of each advisory, together with contact details for security researchers who want to report security issues or vulnerabilities found in Intel branded tech.

June 2021 Intel Platform Update highlights

Of note, among the security updates released today, Intel addressed five high severity vulnerabilities impacting the Intel Virtualization Technology for Directed I/O (VT-d) products, the BIOS firmware for some Intel processors, and the Intel Security Library.

The first of them (tracked as CVE-2021-24489) is caused by incomplete cleanup in some Intel VT-d products that could enable authenticated attackers to escalate privileges via local access.

Intel patched four more bugs (tracked as CVE-2020-12357, CVE-2020-8670, CVE-2020-8700, and CVE-2020-12359) caused by improper initialization, a race condition, improper input validation, and insufficient control flow management in the CPU BIOS firmware, allowing escalation of privilege via local or physical access.

The high severity bug patched in the Intel Security Library impacts versions before 3.3. It is caused by a key exchange without entity authentication, which enables authenticated attackers to escalate privileges via network access.

Intel also patched 11 other high severity security vulnerabilities impacting Intel NUCs, Intel Driver and Support Assistant (DSA), Intel RealSense ID, Intel Field Programmable Gate Array (FPGA) Open Programmable Acceleration Engine (OPAE) driver for Linux, and Intel Thunderbolt controllers.

Full list of June 2021 Patch Tuesday advisories

You can find a list of all issued Intel security advisories in the table embedded below, with full details on each of the addressed vulnerabilities and info on impacted products within the linked Product Security Center entries.

“Intel recommends that users of the affected products update to the latest firmware version provided by the system manufacturer that addresses these issues,” the company added.

“Overall, 95% of the issues being addressed today are the result of our ongoing investments in security assurance, which is consistent with our 2020 Product Security Report.”

“During the first six months of 2021, we addressed 132 potential vulnerabilities with 70% of those being internally discovered and mitigated before they were publicly disclosed,” Bryant added.

“56 of the 132 issues were found in graphics, networking and Bluetooth components.”