Debian Linux Security Advisory 5278-1 - It was discovered that a buffer overflow in the _getCountedString() function of the Xorg X server may result in denial of service or potentially the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5278-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 13, 2022                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2022-3550 CVE-2022-3551

It was discovered that a buffer overflow in the _getCountedString()  
function of the Xorg X server may result in denial of service or  
potentially the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in  
version 2:1.20.11-1+deb11u3.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNxPhMACgkQEMKTtsN8  
TjYGIw//eDkQaWMUaRzlfNcFJUPkYQJot20IGvCa5UwUgNCcky13/riQ13OedOAZ  
n7ORM7vtn28v3WhQkUqO2XJ8ODT0LGKuAFuwbXOLqJd/f1bqkhAVYp0eNMmZm3wr  
CLfa8zoTM0lh4eOu5r7ecdFSd/sZ3Dy7ODwL8tuOaTrHo+rJ5epYd2xqrFxVi9NA  
EfyeycQb8LY+/OqCbpp8nUq+CpvT22Z7oNTgQpKy4ScQKLe7pqPQDO4VEkSwsBrs  
HGInGuNRMMM3uAHTTQts6tn4jK5eou24hws1fYUXSi57zTJc5jwVG75jhIjEtGOm  
/UfnEhAbUeEB+o21gP0HAxLy1F20h8Qonasvh3LH1ormzwhl8RqVR/Ny62jb79/k  
jlS4IUUQGPK8WYdbkJPrs1GFu/2quW8VWcpYRIE5b/Ylq/XsmLNotSVs29ID10Q2  
U91rimYdlTKG3UDsErFzBh6uPqNP2vWUimpPq6nRQgEfX94H2kb96cyE1EpKnDnk  
jf1+UINP4Pe2r+XPGglw9krUGWsFMIJoPohCwOsXBSNhkfOJ4bO4huOzz3C1XLy3  
9i6BIrhaZRrKASemZSGieoKQyHXfsCBN1JIsoXYqYPxIu6STvyoG4kIv8VlAylXY  
9b9F1jtO2G3zGXuVlPEwJacMh5CPKNcUJP/SgpRrcov0iop/X8U=gxG8  
-----END PGP SIGNATURE-----

Debian Security Advisory 5278-1

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result an denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5277-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 13, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php7.4CVE ID         : CVE-2022-31630 CVE-2022-37454 CVE-2022-31629 CVE-2022-31628Multiple security issues were discovered in PHP, a widely-used opensource general purpose scripting language which could result an denialof service, information disclosure, insecure cooking handling orpotentially the execution of arbitrary code.For the stable distribution (bullseye), these problems have been fixed inversion 7.4.33-1+deb11u1.We recommend that you upgrade your php7.4 packages.For the detailed security status of php7.4 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php7.4Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNxOm0ACgkQEMKTtsN8TjYZ7xAAspdPvtpc+Sq8l2NsZlKUew50JSsTb0UbwAYH0G8prnYzEQK898syuP2eaZsbPHec/aqClyvFfrhnWsrGyWUAwHtQIHmG0lIPXAZuCMawbud95MY3sFY7lidK+6UvTFxBCx3hbYaZE/Xz+3Zsx6qX3L+eSQSEdVKy4lV4CbZtVBM3iVlg+lB+EXZqFjdZZsoDSbK5K8pYRD2HQBMa7RMFau/zYc7ZZpcwRjcojUvrLB+2xQHitcCZLxNtJ4IpNqKr3BmDfIe+h9mzY9q22sdTC5H29u9p+s2XssYgNfkS9h6IxBfYbYQAwxZLfBIDJ3inbmAnHz/OBTEcmt/OufdaBUt0V4otddaZHT/6nhaY/0Hhdd9f5F40ohKGR4R4nv5zFKVLB9/fONxPjKARj7X81PsBhB7GFzKbrdQtpK+tTek/sxDJTW5TSvN+tvRtAPBTxzEbvzl+duscIZr7eVlIqfd/tLuspnc/iaeOxBWup1ekx8Eu5voHcC3SFnLJCFeSdqfA9/qiG8Gj/FYA4a8/S2D7mWH+xQlT1aWVU33b9bgJkzdg1WYj79Dv6K9Yg64T22CIy0w8EOpQXSJcKlILd6gP6cdz3P5WfCt/51VhBQAJb/+qd4w98c5LAhoet75dSWVIbynja1asPTMZ1RhJvIWpYud3LmfOAO8Q/NFGYtc=MMQt-----END PGP SIGNATURE-----

Debian Security Advisory 5277-1

Debian Linux Security Advisory 5276-1 - Maddie Stone reported a heap-based buffer overflow flaw in pixman, a pixel-manipulation library for X and cairo, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5276-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 12, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pixmanCVE ID         : CVE-2022-44638Debian Bug     : 1023427Maddie Stone reported a heap-based buffer overflow flaw in pixman, apixel-manipulation library for X and cairo, which could result in denialof service or potentially the execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 0.40.0-1.1~deb11u1.We recommend that you upgrade your pixman packages.For the detailed security status of pixman please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/pixmanFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKSBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNvmIhfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0ToTQ/3bIRPJMysz984NBivSyxdCCD4If1AjwKLr+At3fHCJVs3BrzY/K+nBMlWSkzBVcWGnIyJ7WF50DKwnEflUrjDBLMrYN6v+PEXgZGSWsTsyy4pcmJxYwZsyxJvZv0uuqEKT2VAFIG8MjAVNjCzRadJnLzCi7EFvheMiRXpWMMUt3DlOvtu+075TXW65n1TgBbgVSqGtg83oRoCqU213nxgkYhdxASHTLPqU8GIYUtIngbRpk/mPy+NZKDtcofrpqnd5QuRngkRvqqFs7h0u3U0bFVO7miG0mMJWAm/QNZN5NLNoxfZrBUhoZWgjGJ1tu6NQVggAmb3rb6DCNwWKVnCqFyZOaInDcq9Up6Rh+NbLMMhUm0ghFKp+rr2sWZ+Pmnn4tnvZLb47kJDUk7ZP/LCC9q6hd5yFpKdRTxCznCH+9gmxfqOKSW5qBgWyCsbVySLQcuNZwRf1zgynkilNgyKcRNUnMeZU7FZVB9zABxwWqgD/ZVJIKhts5mq6hyLKXwTzwtQ0Kw7kYHkRya3hv6BFwJm7saKhHKySGb7JceFz2udBUoeA9y/pgGSGEJUWenuuQ0LVKH8QflbsfI8jlVKdUlHEYVrYo2yjULr9rraURabK6OClmrs9JI3Fg6PEl/wwh+SKmdeJZqOY4Vse4ZxcRfN0sGtiu1hfqTM6owm8Q==0y3/-----END PGP SIGNATURE-----

Debian Security Advisory 5276-1

Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when setting up the context for image decoding. This issue has been patched in version 9.3.0.

**Pillow subject to DoS via SAMPLESPERPIXEL tag**

Moderate severity GitHub Reviewed Published Nov 14, 2022 • Updated Nov 15, 2022

GHSA-q4mp-jvh2-76fj: Pillow subject to DoS via SAMPLESPERPIXEL tag

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

**Conversation**

 

A large value in the SAMPLESPERPIXEL tag could lead to a memory and
runtime DOS in TiffImagePlugin.py when setting up the context for
image decoding.

 

 

Tests/test\_file\_tiff.py::TestFileTiff::test\_oom\[Tests/images/oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif\]
  PIL/TiffImagePlugin.py:850: UserWarning: Corrupt EXIF data.  Expecting to read 12 bytes but only got 6. 
    warnings.warn(str(msg))

Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>

 hugovk deleted the security-samples\_per\_pixel-sec branch

Oct 29, 2022

CVE-2022-45199: Limit SAMPLESPERPIXEL to avoid runtime DOS by hugovk · Pull Request #6700 · python-pillow/Pillow

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.
Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.

Dubbed **KmsdBot** by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms.

"The botnet infects systems via an SSH connection that uses weak login credentials," Akamai researcher Larry W. Cashdollar said. "The malware does not stay persistent on the infected system as a way of evading detection."

The malware gets its name from an executable named "kmsd.exe" that's downloaded from a remote server following a successful compromise. It's also designed to support multiple architectures, such as Winx86, Arm64, mips64, and x86\_64.

KmsdBot comes with capabilities to perform scanning operations and propagate itself by downloading a list of username and password combinations. It's also equipped to control the mining process and update the malware.

Akamai said the first observed target of the malware was a gaming company named FiveM, a multiplayer mod for Grand Theft Auto V that allows players to access custom role-playing servers.

The DDoS attacks observed by the web infrastructure company include Layer 4 and Layer 7 attacks, wherein a flood of TCP, UDP, or HTTP GET requests are sent to overwhelm a target server's resources and hamper its ability to process and respond.

"This botnet is a great example of the complexity of security and how much it evolves," Cashdollar said. "What seems to have started as a bot for a game app has pivoted into attacking large luxury brands."

The findings come as vulnerable software is being increasingly used to deploy cryptocurrency miners, jumping from 12% in Q1 2022 to 17% in Q3, according to telemetry data from Kaspersky. Nearly half of the analyzed samples of malicious mining software (48%) secretly mine Monero (XMR).

"Interestingly, the most targeted country in Q3 2022 was Ethiopia (2.38%), where it is illegal to use and mine cryptocurrencies," the Russian cybersecurity company said. "Kazakhstan (2.13%) and Uzbekistan (2.01%) follow in second and third place."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

Signed-off-by: Vladyslav Kopaihorodskyi vlad.kopaygorodsky@gmail.com

**Type of change**

*   Bug fix

**Description**

Do not create a new chain of type etcdraft.Chain if such exists in the map of chains. This can happen when in Raft protocol a channel was created, but not marked as done in WAL logs. So at orderer startup, it tried to create another instance of a chain and panicked because that instance startup failed.

**Related issues**

#2931

**Release Note**

Fixed bug when an orderer crashed at channel creation and after restart couldn't bootstrap because of desynchronization between WAL logs and ledger state.

CVE-2022-45196: FAB-2931: do not create a chain if it's already created by kopaygorodsky · Pull Request #2934 · hyperledger/fabric

Ubuntu Security Notice 5724-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy or other security restrictions, or execute arbitrary code. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-5724-1November 11, 2022thunderbird vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Thunderbird.Software Description:- thunderbird: Mozilla Open Source mail and newsgroup clientDetails:Multiple security issues were discovered in Thunderbird. If a user weretricked into opening a specially crafted website in a browsing context, anattacker could potentially exploit these to cause a denial of service,bypass Content Security Policy (CSP) or other security restrictions, orexecute arbitrary code. These issues only affect Ubuntu 18.04 LTS, Ubuntu20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3266, CVE-2022-40956,CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960,CVE-2022-40962)Multiple security issues were discovered in the Matrix SDK bundled withThunderbird. An attacker could potentially exploit these in order toimpersonate another user. These issues only affect Ubuntu 18.04 LTS,Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39236, CVE-2022-39249,CVE-2022-39250, CVE-2022-39251)Multiple security issues were discovered in Thunderbird. If a user weretricked into opening a specially crafted website in a browsing context, anattacker could potentially exploit these to cause a denial of service,obtain sensitive information, or execute arbitrary code. (CVE-2022-42927,CVE-2022-42928, CVE-2022-42929, CVE-2022-42932)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:  thunderbird                     1:102.4.2+build2-0ubuntu0.22.10.1Ubuntu 22.04 LTS:  thunderbird                     1:102.4.2+build2-0ubuntu0.22.04.1Ubuntu 20.04 LTS:  thunderbird                     1:102.4.2+build2-0ubuntu0.20.04.1Ubuntu 18.04 LTS:  thunderbird                     1:102.4.2+build2-0ubuntu0.18.04.1After a standard system update you need to restart Thunderbird to makeall the necessary changes.References:  https://ubuntu.com/security/notices/USN-5724-1  CVE-2022-3266, CVE-2022-39236, CVE-2022-39249, CVE-2022-39250,  CVE-2022-39251, CVE-2022-40956, CVE-2022-40957, CVE-2022-40958,  CVE-2022-40959, CVE-2022-40960, CVE-2022-40962, CVE-2022-42927,  CVE-2022-42928, CVE-2022-42929, CVE-2022-42932Package Information:  https://launchpad.net/ubuntu/+source/thunderbird/1:102.4.2+build2-0ubuntu0.22.10.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.4.2+build2-0ubuntu0.22.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.4.2+build2-0ubuntu0.20.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.4.2+build2-0ubuntu0.18.04.1

Ubuntu Security Notice USN-5724-1

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.

CVE-2022-31772: IBM MQ denial of service CVE-2022-31772 Vulnerability Report

Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi Advisory**

**Summary: **

A potential security vulnerability in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi products may allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-26047

Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi  and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.

CVSS Base Score: 4.3 Medium

CVSS Vector:  CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

Intel® PROSet/Wireless WiFi firmware before version 22.140, Killer™ WiFi firmware before version 3.1122.3158 and UEFI version 2.2.14.22176.2.

**CVE ID**

**Affected Products**

**Affected OS**

CVE-2022-26047

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Windows 10 & 11

Linux

Chrome OS

UEFI

CSME

CVE-2022-26047

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Windows 10 & 11

**Recommendations:**

**Windows:**

Intel recommends updating Intel® PROSet/Wireless WiFi software to version 22.140 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html

Intel recommends updating Killer™ WiFi software to version 3.1122.3158 or later.

Updates for Killer™ products are available for download at this location:

https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html?wapkw=killer

**UEFI:**

Intel recommends updating Intel® PROSet/Wireless WiFi UEFI drivers to version 2.2.14.22176 or later.

Please contact your OEM support group to obtain the correct driver version.

**Chrome OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed to Chromium by November 08, 2022.

For any Google Chrome OS solution and schedule, please contact Google directly.

**Linux OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed by November 08, 2022.

Consult the regular open-source channels to obtain this update.

**Recommendation for Intel vPRO® CSME WiFi products:**

Intel recommends updating Intel vPRO® CSME WiFi products to the following versions or newer.

**Platform**

**CSME Version**

**Device**

12th Generation Intel® Core Processor

16.1.25.1885v2

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

12th Generation Intel® Core Processor – Performance cores

16.1.25.1865v6.1

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

11th Generation Intel® Core Processor

15.0.42.2235

Intel® Wi-Fi 6 AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

10th Generation Intel® Core Processor

14.1.67.2046

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

ntel® Wi-Fi 6 AX200

9th Generation Intel® Core Processor

12.0.92.2145v3

Intel® Wi-Fi 6 AX200

8th Generation Intel® Core Processor

12.0.92.2145v3

Intel® Wi-Fi 6 AX200

Intel recommends that users of Intel® vPRO® CSME WiFi products update to the latest version provided by the system manufacturer that addresses these issues.  

**Acknowledgements:**

The following issue was found internally by an Intel employee.  Intel would like to thank Julien Lenoir.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#dos