The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for IT staff to be aware of two new updates from Intel, one for the firmware in certain data center solid-state disk (SSD) devices and the other for the Intel Processor Diagnostic Tool.
The SSD update is in response to CVE-2018-18095. The vulnerability, discovered internally at Intel, could allow attackers to gain access and update their privileges to then launch attacks on other system components.
Intel updated its Processor Diagnostic Tool in response to another privilege escalation vulnerability, this one discovered by Jesse Michael from Eclypsium and described in CVE-2019-11133. This is a higher-priority vulnerability than that in the SSD because it could allow privilege escalation, information disclosure, or denial-of-service attack against the victim.
For more, read here.