The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including  those of with pending/draft/future/private status.

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

CVE-2023-4723: Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure — Wordfence Intelligence

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**BlueZ Advisory**

Intel ID:

INTEL-SA-00435

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Information Disclosure

Severity rating:

HIGH

Original release:

10/13/2020

Last revised:

10/15/2020

**Revision History**

Revision

Date

Description

1.0

10/13/2020

Initial Release

1.1

10/15/2020

Removed reference to Linux kernel version

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2020-12352: INTEL-SA-00435

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.

Published:2022/10/20  Last Updated:2022/10/28

**Overview**

Nadesiko3 provided by kujirahand contains multiple vulnerabilities.

**Products Affected**

**CVE-2022-41642**

*   Nadesiko3 (PC Version) v3.3.68 and earlier

**CVE-2022-41777, CVE-2022-42496**

*   Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier

**Description**

Nadesiko3 provided by kujirahand contains multiple vulnerabilities listed below.

*   **OS command injection vulnerability in processing compression and decompression (CWE-78)** - CVE-2022-41642
    
    CVSS v3
    
    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    
    **Base Score: 9.8**
    
    CVSS v2
    
    AV:N/AC:L/Au:N/C:P/I:P/A:P
    
    **Base Score: 7.5**
    
*   **Improper check or handling of exceptional conditions in nako3edit (CWE-703)** - CVE-2022-41777
    
    CVSS v3
    
    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    
    **Base Score: 5.3**
    
    CVSS v2
    
    AV:N/AC:L/Au:N/C:N/I:N/A:P
    
    **Base Score: 5.0**
    
*   **OS command injection vulnerability via "file" parameter in nako3edit (CWE-78)** - CVE-2022-42496
    
    CVSS v3
    
    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    
    **Base Score: 8.1**
    
    CVSS v2
    
    AV:N/AC:M/Au:N/C:P/I:P/A:P
    
    **Base Score: 6.8**
    

**Impact**

*   An arbitrary OS command may be executed on the product if compression and/or decompression is executed - CVE-2022-41642
*   Injecting an invalid value to decodeURIComponent of nako3edit may lead the server to crash - CVE-2022-41777
*   An arbitrary OS command may be executed on the product via "file" parameter in nako3edit if appkey of the product is obtained by the remote unauthenticated attacker - CVE-2022-42496

**Solution**

**Update the software**  
Update the software to the latest version according to the information provided by the developer.

**Vendor Status**

Vendor

Status

Last Update

Vendor Notes

kujirahand

Vulnerable

2022/10/28

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

**Credit**

Satoki Tsuji reported these vulnerabilities to IPA.  
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

**Other Information**

**Update History**

2022/10/28

Information under \[Products Affected\] was updated.

CVE-2022-42496: JVN#56968681: Multiple vulnerabilities in nadesiko3

Plus: North Korean supply chain attacks, a Russian USB worm spreads internationally, and more.

Trillions of domestic phone records in the United States are tracked every year under a secretive surveillance operation, WIRED revealed this week. The Data Analytical Services program, which was previously known as Hemisphere, allows cops to request and analyze the phone records of people and others who they communicate with, including those not suspected of crimes. The surveillance system is run by the White House, with telecom firm AT&T providing phone records in response to law enforcement requests.

The crypto world kept tumbling this week. After Sam Bankman-Fried was found guilty at the start of this month, it was the turn of crypto exchange Binance and its CEO Changpeng Zhao to face scrutiny from US officials. The US Department of Justice unsealed an indictment against the company, which accuses it of violating US anti-money-laundering laws and of enabling Iran, Cuba, and Russia to launder dirty money.

If you’re in the US and have some extra time over the long holiday weekend, it’s also worth catching up on Andy Greenberg’s epic tale of the three young hackers twho brought down the internet with the Mirai botnet—and their story of redemption. Then it’s definitely time to log off.

That’s not all. Each week, we round up the security and privacy stories we didn’t report on in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Google makes most of its money from advertising—and it doesn’t like ad blockers, which prevent millions of ads being shown on websites every day. In recent months, the company has been cracking down on ad blockers on YouTube in a big way. But that’s just the start of it.

This week YouTube confirmed it has, in some instances, introduced a five-second delay before videos load if people are using an ad blocker in their browser. “In the past week, users using ad blockers may have experienced suboptimal viewing, which included delays in loading, regardless of the browser they are using,” a YouTube spokesperson told The Verge. The company admitted the delays had been happening after some people on Reddit and Hacker News spotted slow loading times and initially thought it was because of the browser they were using.

The move follows Google announcing last week that it is going ahead with plans to change how Chrome browser extensions operate, which may limit how some popular ad blockers work. Last year the company paused its plans to roll out Manifest V3, the platform that browser extensions work on, after complaints about how it would impact some extensions. As Ars Technica reported, Google is planning on rolling out a revised version of Manifest V3 in June next year. Google says Manifest V3 is designed to make Chrome run smoothly by reducing the resources that extensions can use and improve security. However ad blockers and privacy experts have criticized how the system works and, in particular, changes to the Declarative Net Request API.

Google proposed putting restrictions on this API but has relaxed these somewhat in the new version of Manifest V3. It originally planned to allow browser extensions to make 5,000 content-filtering “rules,” but it has now increased this to 30,000 rules. AdGuard, an ad blocker, has tentatively welcomed some of the revised changes. Elsewhere, uBlock Origin, which uses around 300,000 filtering rules, has created a “lite” version of its extension in response to Manifest V3. The developer behind uBlock Origin says the lite version is not as “capable” as the full version. Meanwhile, browser makers Brave and Firefox say they are introducing work-arounds to stop ad blockers from being impacted by the changes.

Supply chain attacks, where malware is implanted in a company's legitimate software and spread to the firm's customers, can be incredibly hard to detect and can cause billions of dollars in damage if they’re successful. Hackers for North Korea are increasingly adopting the sophisticated attack method.

This week Microsoft revealed it has discovered the hermit kingdom’s hackers implanting malicious code inside an installer file for photo and video editing software CyberLink. The installer file used legitimate code from CyberLink and was hosted on the company's servers, obscuring the malicious file it contained. Once installed, Microsoft said, the malicious file would deploy a second payload. More than 100 devices have been impacted by the attack, Microsoft says, and it has attributed the attack to the North Korea-based Diamond Sleet hacking group.

After details of the attack were revealed, the UK’s National Cyber Security Centre and the Republic of Korea’s National Intelligence Service issued a warning saying that North Korea’s supply chain attacks are “growing in sophistication and volume.” The two bodies say the tactics support North Korea’s wider priorities, such as stealing money to help fund its ailing economy and nuclear programs, espionage, and stealing tech secrets.

Some flights have had to change course or lost satellite signals in midair due to electronic warfare, _The New York Times_ reported this week. The ongoing conflicts in Ukraine and Gaza have seen GPS jamming and spoofing technologies interfere with the daily operation of flights in and around the areas. The incidents, so far, have not been dangerous. But they highlight the increase in electronic warfare capabilities—which seek to interrupt or disrupt the technologies used for communications and infrastructure—and how the technology needed to launch them is getting cheaper. Since Russia’s full-scale invasion of Ukraine in February 2022, electronic warfare tactics have become increasingly common on both sides, as drones being used for surveillance and reconnaissance have had their signals interrupted and rockets have been sent off course.

Gamaredon is one of Russia’s most brazen hacking groups—the hackers have consistently attacked Ukrainian systems. Now one piece of its malware, a worm that spreads via USB stick and is dubbed LitterDrifter, has spread internationally. The worm has been spotted in the US, Hong Kong, Germany, Poland, and Vietnam, according to researchers at security firm Check Point. The company’s researchers say the worm includes two elements: a spreading module and a second module that also communicates with Gamaredon’s servers. “It’s clear that LitterDrifter was designed to support a large-scale collection operation,” the Check Point researchers write, adding that it’s likely the worm has “spread beyond its intended targets.”

Google’s Ad Blocker Crackdown Is Growing

BillQuick customers blindsided by recently patched web security flaw

SQL injection flaw in billing software app tied to US ransomware infection

Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Checkout Files Upload for WooCommerce plugin lets your customers upload files on (or after) WooCommerce checkout.

**Features**

Set field’s **position** on WooCommerce checkout page:

*   Before checkout form.
*   After checkout form.
*   Do not add on checkout.

Set if file upload **is required**.

If you need files to be uploaded after order is created, you can optionally add field to:

*   WooCommerce **Thank You** (i.e. **Order Received**) page.
*   WooCommerce **My Account** page.

Add custom **label** to the field.

Set **accepted file types**.

Set custom Upload and Remove **button labels**.

Set **custom messages**:

*   “Wrong file type”.
*   “Wrong image dimensions” and “Couldn’t get image dimensions”.
*   “File is required”.
*   “File was successfully uploaded”.
*   “No file selected”.
*   “File was successfully removed”.

Optionally set field to show up only if in cart there are selected:

*   **Products**.
*   **Product categories**.
*   **Product tags**.

Add uploaded files to admin and customers **emails**.

Send **additional emails** if user uploads or removes files on “Thank You” or “My Account” pages.

**Customize** the frontend files upload form.

Optionally enable **AJAX form** for file uploads.

Set **max file size** option.

Optionally **validate image dimensions**.

**Feedback**

*   We are open to your suggestions and feedback. Thank you for using or trying out one of our plugins!
*   Drop us a line at www.wpwham.com.

**More**

*   Visit the Checkout Files Upload for WooCommerce plugin page.

1.  Upload the entire plugin folder to the /wp-content/plugins/ directory.
2.  Activate the plugin through the “Plugins” menu in WordPress.
3.  Start by visiting plugin settings at “WooCommerce > Settings > Checkout Files Upload”.

This plugin it might be very helpful if, for some reason, you have to let customers upload files during the checkout.

The free version of this plugin is just brilliant! The UI is very easy to understand, making it pretty straightforward to configure. We needed to have an upload field on the Checkout so customers could attach a PDF file. The file can be included as an actual email attachment, and not just a link. It also has the ability to include the upload field conditionally, meaning you can link it to a specific product on the backend, and it will just show if that product is in cart. I have tested multiple checkout upload plugins over the last few months. This is HANDS DOWN the BEST plugin of its kind on the market.

The free version of the plugin does much more than other paid plugins do. So many possibilities for customisation.

I have been facing a problem from three days on order at checkout file upload attachment not showing in mail .it was working fine before. kindly help me . https://fastprintamman.com/ palce a order and on check out there is file upload that attachment not showing in admin mail

Is it possible to set MINIMUM dimensions for both height and width? Also, the progress meter doesn't seem to actually reflect the upload progress... It just jumps to 100% almost immediately...

Read all 10 reviews

“Checkout Files Upload for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

*    WP Wham

**2.1.3 – 2022-05-10**

*   FIX: escape filenames on order confirmation/thank you pages.

**2.1.2 – 2021-12-23**

*   FIX: potential XSS vulnerability (thanks to Vlad at Patchstack).
*   FIX: minor display bug in settings due to WooCommerce update.

**2.1.1 – 2021-09-16**

*   UPDATE: PHP 8 now officially supported.
*   UPDATE: updated .pot file for translations.

**2.1.0 – 2021-04-15**

*   NEW: added more options to “validate image dimensions” setting: “greater than or equal”, and “less than or equal”.
*   NEW: added button to delete file attachments on admin “edit order” page. (If you don’t want the ability to delete files, you can use the filter wpwham_checkout_files_upload_allow_admin_delete_files to disable it).
*   FIX: check if server’s temporary directory is writeable. If not, display an error message. (Solves an issue with 0-byte files being uploaded).
*   FIX: bug where sometimes 0-byte files were attached to order emails.
*   UPDATE: for text labels/notices, made it possible for a translated string to take precedence over stored settings. (Previously it was the other way around. This should now make things easier if you use a translation plugin like LocoTranslate, Polylang, etc).
*   UPDATE: performance improvement — load our admin assets only when needed.
*   UPDATE: updated .pot file for translations.

**2.0.4 – 2021-01-12**

*   FIX: clean output buffer before downloads (solves conflict with some 3rd-party plugins which interfere with the output buffer, causing downloads to appear as empty or corrupt).

**2.0.3 – 2020-09-17**

*   UPDATE: display our settings in WC status report.

**2.0.2 – 2020-08-21**

*   FIX: upload button translation issue (removed old label settings, added new ones).
*   UPDATE: updated .pot file for translations.

**2.0.1 – 2020-06-17**

*   FIX: issue with upload button not working in certain themes.
*   FIX: user permissions issue incorrectly preventing downloading of images from the WP admin side.
*   FIX: JS typo.

**2.0.0 – 2020-06-11**

*   NEW: **Breaking Change** the Form (simple) template has been removed, and Form (AJAX) is now the standard template. Form (AJAX) has been the default since v1.4.0 (2018-08-25), so for most people this change will have no effect. However, if you were using Form (simple), or if you had customized either template, please double check your settings to make sure things look correct. Or, you can reset the settings to get a fresh start.
*   NEW: **Breaking Change** in template settings, the variable %field_html% which previously contained BOTH the field html AND the upload button itself, has been split into separate variables %field_html% and %button_html%. Your template settings will be updated automatically to reflect this.
*   NEW: image thumbnails will be shown by default. The image feature has existed since v1.4.0 (2018-08-25), but some people didn’t realize this and/or didn’t know they needed to add %image% into the template to enable it. Now %image% is included in the template by default. If you don’t want this, simply edit your template settings and remove the %image% variable.
*   NEW: show spinner when processing, and prevent checkout form submission before upload is completed.
*   UPDATE: change the way we handle sessions — only start them when needed, not on every page load.
*   UPDATE: extensive code refactoring.
*   UPDATE: updated some styling and text. For example, progress bars (if enabled) are now green.
*   UPDATE: updated .pot file for translations.

**1.5.4 – 2020-01-14**

*   UPDATE: add new filters ‘wpw\_checkout\_files\_upload\_form\_html’ and ‘wpw\_checkout\_files\_upload\_form\_ajax\_html’.
*   UPDATE: wrap checkout page file upload controls in

<

div>.

**1.5.3 – 2019-11-22**

*   UPDATE: bump tested versions

**1.5.2 – 2019-11-15**

*   UPDATE: bump tested versions

**1.5.1 – 2019-09-12**

*   UPDATE: bump tested upto versions

**1.5.0 – 2018-10-08**

*   FIX: php notice
*   UPDATE: updated .pot file for translations

**1.4.5 – 2018-10-01**

*   Dev – [alg_wc_cfu_translate] shortcode added and do_shortcode() is now applied to each file’s “Labels”.

**1.4.4 – 2018-09-13**

*   Dev – Emails – “Additional Emails Options” subsection added.
*   Dev – “Raw” input is now allowed in all textarea admin settings fields.
*   Dev – Code refactoring – “Reset” function re-written.
*   Dev – Code refactoring – custom_number_checkout_files_upload settings type removed.
*   Dev – “Your settings have been saved” admin notice added.

**1.4.3 – 2018-09-10**

*   Dev – “Author URI” updated.

**1.4.2 – 2018-09-10**

*   Dev – “Contributors” updated.

**1.4.1 – 2018-08-27**

*   Fix – %image% in AJAX form fixed on “Thank you” and “My Account” pages.
*   Dev – “Validate image dimensions” options added for each file.
*   Dev – Minor code refactoring.
*   Dev – Minor admin settings restyling.

**1.4.0 – 2018-08-25**

*   Fix – User file download fixed on “Thank you” and “My Account” pages.
*   Dev – %image% replaced value added.
*   Dev – “AJAX form” now is enabled (yes) in settings by default.
*   Dev – Code refactoring.
*   Dev – Minor admin settings restyling.
*   Dev – Plugin URI updated.

**1.3.0 – 2018-06-09**

*   Fix – Case insensitive comparison of the “Accepted file types” options.
*   Fix – Default values fixed for all get_option() calls.
*   Dev – “AJAX form” options added.
*   Dev – “Max file size” options added.
*   Dev – Filter rewritten.
*   Dev – Admin settings – “Reset settings” section added.
*   Dev – Admin settings – Files settings added as separate sections.
*   Dev – Admin settings – Minor changes: restyling; select option type changed to wc-enhanced-select; settings array saved as main class property.

**1.2.0 – 2017-05-10**

*   Fix – Call to undefined function is_shop_manager() error fixed.
*   Dev – WooCommerce v3.x.x compatibility – Order ID – using function instead of accessing property directly.
*   Dev – load_plugin_textdomain moved to constructor from init hook.
*   Dev – Plugin link changed from http://coder.fm to https://wpcodefactory.com.

**1.1.1 – 2016-12-07**

*   Dev – alg_current_filter_priority() modified for compatibility with WordPress since v4.7.
*   Dev – Language (POT) file updated.
*   Dev – Checking for Pro modified.

**1.1.0 – 2016-11-28**

*   Dev – “Form Template Options” settings section added.
*   Dev – Language (POT) file added.
*   Dev – “Emails Options” settings moved to separate section.

**1.0.0 – 2016-09-05**

*   Initial Release.

CVE-2022-29425: Checkout Files Upload for WooCommerce

An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVE-2021-32946: Open Design Alliance Drawings SDK | CISA

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Processor Speculative Cross Store Bypass Advisory**

**Summary: **

A potential security vulnerability in Intel® Processors may allow information disclosure.  Intel is releasing prescriptive guidance to address this potential vulnerability.

**Vulnerability Details:**

CVEID:  CVE-2021-33149

Description: Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS Base Score: 2.5 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

**Affected Products:  
**

All Intel® Processor families.

**Recommendations:**

Intel is releasing prescriptive guidance to mitigate this issue.

_Prescriptive guidance:_ Intel recommends that any potential gadget utilize an LFENCE after loads that should observe writes from another thread to the same shared memory address.

**Acknowledgements:**

Intel would like to thank Danping Li and Ziyuan Zhu from Institute of Information Engineering, Chinese Academy of Sciences for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/10/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33149: INTEL-SA-00648

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® SGX Linux Kernel Drivers Advisory**

**Summary: **

A potential security vulnerability in Intel® SGX Linux kernel drivers may allow denial of service.  Intel is working with the Linux kernel maintainers to create a mitigation.

**Vulnerability Details:**

CVEID: CVE-2021-33135

Description: Uncontrolled resource consumption in the Linux kernel drivers for Intel® SGX may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.2 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

**Affected Products:**

Intel® SGX Linux kernel driver from Intel version 2.14 and before.

Linux kernel driver for Intel® SGX from upstream/kernel.org.

**Recommendations:**

Intel® SGX Linux kernel driver mitigation available for download at:

https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/driver/linux

Linux community mitigation available for download at kernel.org.

**Acknowledgements:**

This issue was found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/10/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33135: INTEL-SA-00603

The US healthcare industry suffers more ransomware attacks than most countries.

Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware.

Described by the American Hospital Association (AHA) President and CEO Rick Pollack as “the most significant and consequential incident of its kind against the US health care system in history,” the attack has stopped billions of dollars in payments flowing between doctors, hospitals, pharmacies and insurers. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of insolvency, and led some small practices offering chemotherapy to warn that they are just weeks from turning patients away.

There are thousands of “big game” ransomware attacks like this every year—large scale cyberattacks that can bring entire organisations to a halt. They are always damaging and they always cause pain, but when they hit the healthcare system, the consequences—particularly the risk to life—are often more immediately obvious and shocking.

From time to time individual ransomware gangs will grandstand and say they don’t or won’t hit hospitals, but the truth is that healthcare has always been a major target.

Only three weeks ago, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that ALPHV, the ransomware group behind the attack on Change Healthcare, was singling out targets in that sector, saying that “since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized.”

ALPHV is just one gang among many targeting the sector. In the last 12 months, known ransomware attacks on US targets have increased an enormous 101% year-on-year, but attacks on healthcare have outpaced even that, increasing 137%.

70% of all known attacks on healthcare happen in the US.

This relentless assault has made healthcare the second most attacked sector in the US, where it accounts for 9% of known attacks. In the same period, healthcare accounted for just 3% of known attacks in the rest of the world.

The stark difference between the US and everywhere else may reflect the enormous size of the US healthcare market, or it could be the result of deliberate targeting.

Screenshot

Screenshot

Given its unmatched global footprint, it’s no suprise that LockBit was responsible for more attacks on US healthcare than any other ransomware group in the last year. LockBit is the most widely used ransomware in the world, and tops the list of most active groups across a wide variety of different countries and industry sectors. What is most striking about attacks on US healthcare though is the number of different gangs involved.

In the last year, 36 different ransomware groups are known to have attacked US healthcare targets, and, unusually, the combined contribution of gangs making just a few attacks each vastly outweighs the efforts of big gangs like LockBit and ALPHV.

It’s easy to see why so many ransomare gangs might be drawn to the sector: US healthcare companies are custodians of people’s most private data, guardians of their health, and part of a marketplace worth trillions of dollars. In other words, healthcare isn’t just another industry sector, either for the people who use it, or the people who prey on it. It is a special case, and there is an argument for saying that attacks on organisations like Change Healthcare should be treated like an attack on critical infrastructure.

The last attack on US critical infrastructure, against Colonial Pipeline in 2021, was met with an immediate and ferocious response. Within a month, the FBI had recovered the vast majority of the ransom. The gang behind it, DarkSide, lost control of its infrastructure to US law enforcement (and possibly US military) before going dark, and was quickly hounded out of existence by the FBI after it attempted to remerge and rebrand as BlackMatter.

Knowing that, perhaps it’s not a surprise that the attack on Change Healthcare was one of the ALPHV gang’s last acts before it disappeared in a sloppily exectuted exit scam.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us