Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® HAXM Advisory**

Intel ID:

INTEL-SA-00544

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Information Disclosure

Severity rating:

MEDIUM

Original release:

10/12/2021

Last revised:

10/12/2021

**Summary: **

Potential security vulnerabilities in the Intel® Hardware Accelerated Execution Manager (HAXM) software may allow escalation of privilege or information disclosure.  Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2021-0180

Description: Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.

CVSS Base Score: 6.2 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CVEID: CVE-2021-0182

Description: Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

**Affected Products:**

Intel® HAXM before version 7.6.6.

**Recommendations:**

Intel recommends updating Intel® HAXM software to version 7.6.6 or later.

Updates are available for download at this location: https://github.com/intel/haxm/releases   

**Acknowledgements:**

These issues were found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

10/12/2021

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2020

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-0182: INTEL-SA-00544

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.

`Product: OX App Suite   Vendor: OX Software GmbH  Internal reference: OXUIB-1092   Vulnerability type: Cross-Site Scripting (CWE-80)   Vulnerable version: 7.10.5   Vulnerable component: frontend   Report confidence: Confirmed   Solution status: Fixed by Vendor   Fixed version: 7.10.5-rev26   Vendor notification: 2021-11-15   Solution date: 2021-12-14   Public disclosure: 2022-03-21   CVE reference: CVE-2021-44208   CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)  Vulnerability Details:   System messages at the OX Chat component are escaped to avoid injection of malicious code. However, this check is not performed for messages that are "unknown" to the system. Such messages do not occur during normal operations.  Risk:   Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require the victim to follow a hyperlink or compromise of chat components.  Steps to reproduce:   1. Maliciously modify the chat infrastructure to inject "unknown" messages that contain script code   2. Make the victim connect to that infrastructure and request messages for their account  Solution:   We now sanitize "unknown" system messages, in case this scenario may ever happen in the wild.  ---  Internal reference: MWB-1322   Vulnerability type: Cross-Site Scripting (CWE-80)   Vulnerable version: 7.10.5 and earlier   Vulnerable component: middleware   Report confidence: Confirmed   Solution status: Fixed by Vendor   Fixed version: 7.10.5-rev32   Vendor notification: 2021-11-12   Solution date: 2021-12-14   Public disclosure: 2022-03-21   CVE reference: CVE-2021-44209   CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)  Vulnerability Details:   Specific HTML5 tags and some attributes were not sufficiently considered when detecting malicious code thats being served as download.  Risk:   Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require the victim to follow a hyperlink.  Steps to reproduce:   1. Upload a HTML5 document with specific tags, set a HTML file extension but a misleading media-type   2. Share the file and make a victim click a hyperlink to that resource  Proof of concept:   <audio src="/appsuite/apps/themes/default/sounds/bell.ogg" onprogress="alert('XSS');" onsuspend="alert('XSS');" controls></audio>  Solution:   We improved HTML detection and examine a complete list of tags, attributes and event handlers.  ---  Internal reference: MWB-1260   Vulnerability type: Cross-Site Scripting (CWE-80)   Vulnerable version: 7.10.5 and earlier   Vulnerable component: middleware   Report confidence: Confirmed   Solution status: Fixed by Vendor   Fixed version: 7.10.5-rev32   Vendor notification: 2021-09-27   Solution date: 2021-12-14   Public disclosure: 2022-03-21   CVE reference: CVE-2021-44210   CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)  Vulnerability Details:   Certain media formats (NIFF) in this case, were not detected to contain potentially harmful content. This can be exploited by an attacker by uploading malicious content in disguise. Some browsers will attempt to render NIFF sources as inline content.  Risk:   Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require the victim to follow a hyperlink.  Steps to reproduce:   1. Generate malicious JS/HTML content and upload it as NIFF image, change the media-type accordingly   2. Share that malicious code using "sharing"   3. Make a victim follow a link to the malicious share  Solution:   We now detect NIFF as potentially malicious content and force browsers to download it.  ---  Internal reference: MWB-1259   Vulnerability type: Cross-Site Scripting (CWE-80)   Vulnerable version: 7.10.5 and earlier   Vulnerable component: middleware   Report confidence: Confirmed   Solution status: Fixed by Vendor   Fixed version: 7.10.5-rev32   Vendor notification: 2021-09-27   Solution date: 2021-12-14   Public disclosure: 2022-03-21   CVE reference: CVE-2021-44211   CVSS: 3.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)  Vulnerability Details:   HTML E-Mail signatures are processed by a sanitizer. This sanitizer can be tricked to generate malicious output by injecting seemingly benign garbled HTML code.  Risk:   Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require some level of access to the victims account, context and pull off a social engineering attack.  Steps to reproduce:   1. Create a malicious E-Mail signature   2. Share and make a victim select that E-Mail signature  Proof of concept:   <img src class="src=cid:asd onerror=alert('XSS')//">  Solution:   We now check the HTML "class" attribute for potential malicious content for HTML E-Mail signatures.  ---  Internal reference: MWB-1219   Vulnerability type: Cross-Site Scripting (CWE-80)   Vulnerable version: 7.10.5 and earlier   Vulnerable component: middleware   Report confidence: Confirmed   Solution status: Fixed by Vendor   Fixed version: 7.10.5-rev32   Vendor notification: 2021-08-17   Solution date: 2021-12-14   Public disclosure: 2022-03-21   CVE reference: CVE-2021-44212   CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)  Vulnerability Details:   Script tags at HTML content can be obfuscated by using trailing control commands to bypass existing sanitizers.  Risk:   Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require the victim to follow a hyperlink.  Steps to reproduce:   1. Create malicious script code and obfuscate HTML tags using control characters   2. Share the malicious code and make a victim click a link that points to this code  Proof of concept:   <script\t>alert("XSS");</script\t>  Solution:   We now improve detection of obfuscated HTML tags.  ---  Internal reference: MWB-1216   Vulnerability type: Cross-Site Scripting (CWE-80)   Vulnerable version: 7.10.5 and earlier   Vulnerable component: middleware   Report confidence: Confirmed   Solution status: Fixed by Vendor   Fixed version: 7.10.5-rev32   Vendor notification: 2021-08-13   Solution date: 2021-12-14   Public disclosure: 2022-03-21   CVE reference: CVE-2021-44213   CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)  Vulnerability Details:   Binary uu-encoded content at multipart/alternative E-Mails is processed as mail body without sanitization in certain cases.  Risk:   Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this the victim needs to interact with the message.  Steps to reproduce:   1. Generate a malicious mail with binary unix-to-unix content and a specific header structure, add placeholder content to trigger the "Show entire message" feature   2. Send that E-Mail to the victim   3. As the victim, select the message and follow the "Show entire content" link  Proof of concept:   ?/'-C<FEP=#YA;&5R="@B6%-3(BD[/"]S8W)I<'0^"@`` becomes <script>alert("XSS");</script>  Solution:   We now advertise uu-encoded E-Mail parts as file attachment rather than the mail body.  `

CVE-2021-44211: OX App Suite 7.10.5 Cross Site Scripting ≈ Packet Storm

OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.

Internal reference: OXUIB-1795  
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-07-29  
Solution date: 2022-10-21  
Disclosure date: 2023-02-08  
CVE: CVE-2022-37306  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Details:  
XSS using "upsell" triggers. Non-alphanumeric content can be injected by the user as JS content for the "upsell" module. As a result, the code will be executed during subsequent logins and opening the "Portal" application, enabling a persistent cross-site scripting attack vector.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We improved the allow-list sanitizing algorithm to deal with non-alphanumeric code.

---

Internal reference: OXUIB-1933  
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite frontend 7.10.5-rev38, OX App Suite frontend 7.10.6-rev19  
First fixed revision: OX App Suite frontend 7.10.5-rev39, OX App Suite frontend 7.10.6-rev20  
Discovery date: 2022-09-26  
Solution date: 2022-10-21  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43696  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Details:  
XSS using "upsell ads". HTML content can be injected by the user as JS content for the "upsell ads" module. As a result, the code will be executed during subsequent logins and opening the "Portal" application, enabling a persistent cross-site scripting attack vector.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We improved the sanitization process for upsell ads.

---

Internal reference: MWB-1784  
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-08-16  
Solution date: 2022-10-25  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43697  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Details:  
"Tracking" features can be used to inject arbitrary script code. In case activity tracking adapters are enabled but not defined, users can use jslob to define own tracking settings for an account. This allows adding arbitrary values to trigger a specific URL or load a library.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We made the related jslob configuration endpoint read-only for users.

---

Internal reference: MWB-1823  
Vulnerability type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-09-14  
Solution date: 2022-10-24  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43698  
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
SSRF using POP3 account updates. When changing a valid external POP3 mail account as a user, the operation to update the accounts settings did not consider deny-list values.

Risk:  
Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine "internal" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies. No publicly available exploits are known.

Solution:  
We now check compliance with existing deny-list content when updating POP3 mail accounts.

---

Internal reference: MWB-1862  
Vulnerability type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-10-06  
Solution date: 2022-11-07  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43699  
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
Mail account discovery can be abused for SSRF. The external E-Mail autodiscovery feature performs connections checks based on the E-Mail addresses host-part. Those do not take existing deny-lists into respect, allowing attackers with access to DNS records of a domain to redirect requests to illegal addresses.

Risk:  
Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine "internal" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies. No publicly available exploits are known.

Solution:  
We check for compliance with existing deny-list content when performing mail account autodiscovery.

---

Internal reference: MWB-1882, DOCS-4580  
Vulnerability type: CWE-94 (Improper Control of Generation of Code ('Code Injection'))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29, OX App Suite office 7.10.5-rev10, OX App Suite office 7.10.6-rev5  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30, OX App Suite office 7.10.5-rev11, OX App Suite office 7.10.6-rev6  
Discovery date: 2022-10-19  
Solution date: 2022-10-21  
Disclosure date: 2023-02-08  
CVE: CVE-2022-42889  
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Details:  
Apache Commons Text Update. A critical vulnerability at the Apache Commons Text library has been identified, which is used by OX App Suite and OX Documents. However, our products do not directly use the vulnerable StringSubstitutor class. Based on current knowledge that means our products are not vulnerable.

Risk:  
Remote Code Execution, see CVE-2022-42889. No publicly available exploits are known.

Solution:  
We provided a update for this library to resolve the risk as a precaution, in case custom implementations use the vulnerable class.

CVE-2022-37306: OX App Suite Cross Site Scripting

OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities.

OX App Suite Cross Site Scripting / Server-Side Request Forgery

In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.

**Impact**

In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning, because there lacks a check for mismatched SegN and TotalLength in Transaction Start PDU.

In gen\_prov\_start, there lacks a check for mismatched SegN and TotalLength. For example, TotalLength 65 with SegN 62 in Transaction Start PDU is considered as valid (infact, if TotalLength is 65, SegN should be only 2). SegN 62 will be set into link.rx.last_seg.

By sending malformed Transaction Start PDU with legal TotalLength and oversize SegN, the check for SegO and SegN in Transaction Continue PDU can be bypassed.

In consequence, sending a Transaction Continue PDU with actually oversized (i.e., larger than 2, corresponding to the size of rx\_buf) SegO will trigger out-of-bound write. That is, if SegO > 2, then 20 + (SegO - 1)×23 + 23 > 65,  
  

where 20 + (SegO - 1)×23 is the offset.

**Patches**

This has been fixed in:

main: #45136  
v3.0: #45188  
v2.7: #45187

**Credits**

Han Yan(闫晗),Lewei Qu(曲乐炜),Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in zephyr
*   Email us at Zephyr-vulnerabilities

embargo: 2022-06-19

CVE-2022-1041

### Impact
Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless.

### Patches

### Workarounds
Disabling http-based inputs and allow only authenticated pull-based inputs.

### References

Skip to content

**Navigation Menu**

*   *   GitHub Copilot
        
        Write better code with AI
        
    *   GitHub Advanced Security
        
        Find and fix vulnerabilities
        
    *   Actions
        
        Automate any workflow
        
    *   Codespaces
        
        Instant dev environments
        
    *   Issues
        
        Plan and track work
        
    *   Code Review
        
        Manage code changes
        
    *   Discussions
        
        Collaborate outside of code
        
    *   Code Search
        
        Find more, search less
        
    

*   Explore
    
    *   Learning Pathways
    *   Events & Webinars
    *   Ebooks & Whitepapers
    *   Customer Stories
    *   Partners
    *   Executive Insights
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-30373

**Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value**

Moderate severity GitHub Reviewed Published Apr 7, 2025 in Graylog2/graylog2-server • Updated Apr 7, 2025

**Package**

maven org.graylog2:graylog2-server (Maven)

**Affected versions**

\>= 6.1.0, < 6.1.9

**Description**

**Impact**

Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless.

**Patches****Workarounds**

Disabling http-based inputs and allow only authenticated pull-based inputs.

**References****References**

*   GHSA-q7g5-jq6p-6wvx
*   https://nvd.nist.gov/vuln/detail/CVE-2025-30373
*   Graylog2/graylog2-server@31bc13d

Published to the GitHub Advisory Database

Apr 7, 2025

**EPSS score**

GHSA-q7g5-jq6p-6wvx: Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value

Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Advisor Advisory**

**Summary: **

A potential security vulnerability in the Intel® Advisor software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-21128

Description: Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® Advisor software before version 7.6.0.37.

**Recommendations:**

Intel recommends updating the Intel® Advisor software to version 7.6.0.37 or later.

Updates are available for download at these locations: Intel® Advisor is available as a standalone installation and as part of the Intel® oneAPI Base Toolkit.

**Acknowledgements:**

The following issue was found internally by an Intel employee.  Intel would like to thank Alexey Murashov.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/10/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21128: INTEL-SA-00661

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® RealSense™ ID Solution F450 Advisory**

**Summary: **

A potential security vulnerability in the Intel® RealSense™ ID Solution F450 may allow escalation of privilege.  Intel is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2021-33130

Description: Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 4.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

**Affected Products:**

Intel® RealSense™ ID Solution F450 before version 2.6.0.74.

**Recommendations:**

Intel recommends updating the Intel® RealSense™ ID Solution F450 to version 2.6.0.74 or later.

Updates are available for download at this location: https://github.com/IntelRealSense/RealSenseID/releases/tag/v0.17.1

**Acknowledgements:**

The following issue was found internally by Intel employees.  Intel would like to thank Julien Lenoir, Kristin Paget, Peter Bosch, John Whiteman, Nael Masalha and William Burton.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/10/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33130: INTEL-SA-00595

In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525

_Published December 7, 2020 | Updated February 10, 2021_

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2020-12-05 or later address all issues in this bulletin and all issues in the December 2020 Android Security Bulletin. To learn how to check a device's security patch level, see Check and update your Android version.

All supported Google devices will receive an update to the 2020-12-05 patch level. We encourage all customers to accept these updates to their devices.

**Announcements**

*   In addition to the security vulnerabilities described in the December 2020 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below. When applicable, partners were notified that these issues are being addressed, and may choose to incorporate them as part of their device updates.

**Security patches**

Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Framework**

    

CVE

References

Type

Severity

Component

CVE-2020-0475

A-162324374

EoP

Moderate

11

CVE-2020-0479

A-157294893

EoP

Moderate

11

CVE-2020-0480

A-157320716

EoP

Moderate

11

CVE-2020-0485

A-166125765

EoP

Moderate

11

CVE-2020-0486

A-150857116

EoP

Moderate

11

CVE-2020-27052

A-158833495

EoP

Moderate

11

CVE-2020-0482

A-150706572

ID

Moderate

11

CVE-2020-0493

A-150615407

ID

Moderate

11

CVE-2020-0495

A-155473137

ID

Moderate

11

CVE-2020-0496

A-149481220

ID

Moderate

11

CVE-2020-0497

A-158481661

ID

Moderate

11

CVE-2020-0500

A-154913391

ID

Moderate

11

CVE-2020-27026

A-79776455

ID

Moderate

11

**Media framework**

    

CVE

References

Type

Severity

Component

CVE-2020-0489

A-151096540

RCE

Moderate

11

CVE-2020-0474

A-169282240

EoP

Moderate

11

CVE-2020-0478

A-150780418

EoP

Moderate

11

CVE-2020-0483

A-155647761 \[2\]

EoP

Moderate

11

CVE-2020-0484

A-155769496

EoP

Moderate

11

CVE-2020-0244

A-145262423

ID

Moderate

11

CVE-2020-0488

A-158484516

ID

Moderate

11

CVE-2020-0490

A-155560008

ID

Moderate

11

CVE-2020-0492

A-154058264

ID

Moderate

11

CVE-2020-0494

A-152895390

ID

Moderate

11

CVE-2020-0498

A-160633884

ID

Moderate

11

CVE-2020-0499

A-156076070

ID

Moderate

11

CVE-2020-27035

A-152239213

ID

Moderate

11

CVE-2020-27057

A-161903239 \[2\] \[3\] \[4\]

ID

Moderate

11

CVE-2017-6888

A-124775381

DoS

Moderate

11

CVE-2020-0491

A-156819528

DoS

Moderate

11

CVE-2020-27038

A-154302257

DoS

Moderate

11

**System**

    

CVE

References

Type

Severity

Component

CVE-2020-0202

A-142936525

EoP

Moderate

11

CVE-2020-0473

A-160691486

EoP

Moderate

11

CVE-2020-0481

A-157472962

EoP

Moderate

11

CVE-2020-27030

A-150612638

EoP

Moderate

11

CVE-2020-27036

A-153731369

EoP

Moderate

11

CVE-2020-27044

A-157066561

EoP

Moderate

11

CVE-2020-27045

A-157649398

EoP

Moderate

11

CVE-2020-27048

A-157650117

EoP

Moderate

11

CVE-2020-27049

A-157649467

EoP

Moderate

11

CVE-2020-27050

A-157650365

EoP

Moderate

11

CVE-2020-27051

A-157650338

EoP

Moderate

11

CVE-2020-27054

A-159061926

EoP

Moderate

11

CVE-2020-0280

A-136565424 \[2\]

ID

Moderate

11

CVE-2020-0476

A-162014574

ID

Moderate

11

CVE-2020-0477

A-162246414 \[2\]

ID

Moderate

11

CVE-2020-27021

A-168712245

ID

Moderate

11

CVE-2020-27023

A-156009462

ID

Moderate

11

CVE-2020-27024

A-162327732

ID

Moderate

11

CVE-2020-27025

A-156008365

ID

Moderate

11

CVE-2020-27027

A-122358602

ID

Moderate

11

CVE-2020-27028

A-141618611

ID

Moderate

11

CVE-2020-27031

A-151313205

ID

Moderate

11

CVE-2020-27032

A-150857259

ID

Moderate

11

CVE-2020-27033

A-153655153

ID

Moderate

11

CVE-2020-27034

A-153556754

ID

Moderate

11

CVE-2020-27037

A-153731335

ID

Moderate

11

CVE-2020-27039

A-153878498

ID

Moderate

11

CVE-2020-27040

A-153731880

ID

Moderate

11

CVE-2020-27041

A-154928507

ID

Moderate

11

CVE-2020-27043

A-155234594

ID

Moderate

11

CVE-2020-27046

A-157649306

ID

Moderate

11

CVE-2020-27047

A-157649298

ID

Moderate

11

CVE-2020-27053

A-159371448

ID

Moderate

11

CVE-2020-27055

A-161378819

ID

Moderate

11

CVE-2020-27056

A-161356067 \[2\]

ID

Moderate

11

CVE-2020-27029

A-140218875 \[2\]

DoS

Moderate

11

**Kernel components**

    

CVE

References

Type

Severity

Component

CVE-2020-13143

A-157291413

EoP

Moderate

USB gadget

CVE-2020-25220

A-168590505

EoP

Moderate

Network

CVE-2020-27066

A-168043318\*

EoP

Moderate

ipv6 xfrm

CVE-2020-27067

A-152409173 \[2\] \[3\] \[4\] \[5\] \[6\] \[7\] \[8\] \[9\] \[10\] \[11\] \[12\] \[13\] \[14\] \[15\] \[16\] \[17\] \[18\] \[19\] \[20\] \[21\] \[22\] \[23\] \[24\]

EoP

Moderate

Linux L2TP Subsystem

CVE-2018-16862

A-124036681

ID

Moderate

Memory management

CVE-2019-19535

A-146642941

ID

Moderate

PCAN-USB FD driver

CVE-2020-27068

A-119770583

ID

Moderate

Netlink

CVE-2019-20812

A-158178081

DoS

Moderate

Network

**Qualcomm components**

    

CVE

References

Type

Severity

Component

CVE-2020-11152

A-129282808  
QC-CR#2144976

N/A

Moderate

GNSS HAL

CVE-2020-11183

A-72228042  
QC-CR#2114346 \[2\]

N/A

Moderate

Graphics

CVE-2020-11148

A-150222083  
QC-CR#2542923

N/A

Moderate

Qualcomm Bluetooth service

CVE-2020-11149

A-158197715  
QC-CR#2594185 \[2\] \[3\]

N/A

Moderate

Camera

CVE-2020-11150

A-158198197  
QC-CR#2629969 \[2\]

N/A

Moderate

Camera

CVE-2020-11151

A-158198372  
QC-CR#2631383 \[2\]

N/A

Moderate

Video

**Functional patches**

For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

Security patch levels of 2020-12-05 or later address all issues associated with the 2020-12-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

**2\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**3\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

**4\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the Android bug ID in the _References_ column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**5\. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?**

Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.

**Versions**

  

Version

Date

Notes

1.0

December 7, 2020

Bulletin published

1.1

December 10, 2020

Bulletin revised to include AOSP links

1.2

January 11, 2021

Revised CVE table

1.3

February 10, 2021

Revised CVE table

CVE-2020-0202: Pixel Update Bulletin—December 2020  |  Android Open Source Project

Red Hat Security Advisory 2023-0069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.24.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.11.24 bug and security update  
Advisory ID:       RHSA-2023:0069-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0069  
Issue date:        2023-01-19  
CVE Names:         CVE-2022-32189 CVE-2023-0296   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.24 is now available with  
updates to packages and images that fix several bugs.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.11.24. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2022:0068

Security Fix(es):

* openshift: etcd grpc-proxy vulnerable to The Birthday attack against  
64-bit block cipher (CVE-2023-0296)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:  
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The SHA values for the release are:

  (For x86_64 architecture)  
The image digest is  
sha256:24a273f879d6eed8d6cce1426798a623ebbe095e01a881e58aa78c4e9eff0c8b

  (For s390x architecture)  
The image digest is  
sha256:620f3b21d5157c3223c0a45aae2fc3aac0d11f1d561f025e3d5730f628c95e05

  (For ppc64le architecture)  
The image digest is  
sha256:96eebd99bc9ba668447ffce90eb887012d000edfeca3994a4726fb72ef314b88

  (For aarch64 architecture)  
The image digest is  
sha256:a57a6844a0d6506309b3bb7bc3883384c907ffa331008423b32f4f3633795494

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2161287 - CVE-2023-0296 openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-1567 - Automation Offline CPUs Test cases  
OCPBUGS-3290 - WriteRequestBodies audit profile records routes/status events at RequestResponse level  
OCPBUGS-4761 - [4.11] Bump OVS control plane to get "ovsdb/transaction.c: Refactor assess_weak_refs."  
OCPBUGS-4908 - [OCP 4.11] ironic container images have old packages  
OCPBUGS-5075 - [4.11] SNO not able to bring up Provisioning resource in 4.11.17  
OCPBUGS-5099 - [4.11] coreos-installer output not available in the logs  
OCPBUGS-5145 - virtual media provisioning fails when iLO Ironic driver is used  
OCPBUGS-5258 - Add support for API version v1beta1 for knativeServing and knativeEventing  
OCPBUGS-5290 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down  
OCPBUGS-5341 - Placeholder bug for OCP 4.11.0 rpm release  
OCPBUGS-5359 - [release-4.11] Azure: unable to configure EgressIP if an ASG is set  
OCPBUGS-5404 - [4.11] provisioning on ilo4-virtualmedia BMC driver fails with error: "Creating vfat image failed: Unexpected error while running command"  
OCPBUGS-5418 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX  
OCPBUGS-5450 - events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"

6. References:

https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/cve/CVE-2023-0296  
https://access.redhat.com/security/updates/classification/#low

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY8lxFNzjgjWX9erEAQiQrQ//cp/jXovEN1RtpHOw/jW4usDnDCZGhb8X  
QWN9P9uRy1gdYnVAb0p1A7v4mU6EHRpbX/2mdS/fv09mZO5ZIO1qxurMfzW/vGkS  
CariMuZWzFaH308c3ffVK1iUJaurOiMuNcWTmP+2JCnbQFjGnByOIP03MC7HPvfI  
M1Vs7Smtt5occLpv4Yp1/szia0XCQ85PmyVdCnnRiYaRvQi9E7WRREoov/7GZ0ht  
Qt/CjX8jBL4bGu9p4mHe8J4j2khDWYlg0XdkpxPRjCd6eivvH5MNjAFlvj5Kx2KI  
EHENtxffRIPWynZSCG8f1VF9SNk+bw4dJHESx9ej6hWUixL3ftQV9+qfmPH2erx5  
nYsQri4MvLWdYKGZf6LS4GIsuGasObLm5MThtvt0IEDOD8tp9gDKfCleBWYtyh5m  
XSe2EM8u+GAPXuMmocxBsCTVK/7fmbVeFXysRfSVcf9DnA1Ty0VcqcT3MF+DHSjE  
W5zpXWRJBRnW0iow/K9iVgpLQLe8xLqvDdj2loXgJI+r8yl3PjWzRqjkJXIhekvn  
SL+U9JYHD6Zu4RyH0/Eu/9WKDSU3WPLK4f/5smeWMqO+/kOmXd6u2YNnW8OnKxcv  
LKVpdBRoI5qkE0Wmj0iwDEonXu+fM0JRM1SjFlmA8gySBxwzAfnBYaLCGS2mRi9B  
1ekB3eHLkZ8=  
=MvIu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Search

lenovo warranty check/lookup | check warranty status | lenovo support us