Two High-Severity Vulnerabilities Found in Multiple Intel NUC Platforms

A couple of high-severity vulnerabilities in Intel’s NUC platform prompted the company to release an advisory and to caution users to upgrade their platforms as soon as possible.

Intel NUC is a small-form-factor barebone computer kit that can be adapted for a wide variety of devices, including mini-PCs that run Windows 10. Intel has so far released eight generations, and the recent vulnerabilities affected multiple versions, including the latest ones.

The problem with development platforms is that they become widely used in a large number of devices, and their implementation is not limited to what Intel official provides. Since patches require firmware updates, many affected devices currently running in the wild will likely never see a patch.

“Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access,” reads Intel’s advisory.

Companies and researchers report vulnerabilities all the time, with different degrees of severity. With a score of 7.5 out of 10 (CVSS), the vulnerabilities are considered high severity and warrant immediate firmware updates from Intel.

The following platforms are affected:

• Intel NUC 8 Mainstream Game Kit
• Intel NUC 8 Mainstream Game Mini Computer
• Intel NUC Board DE3815TYBE (H26998-500 & later)
• Intel NUC Kit DE3815TYKHE (H27002-500 & later)
• Intel NUC Board DE3815TYBE
• Intel NUC Kit DE3815TYKHE
• Intel NUC Kit DN2820FYKH

Intel has yet to reveal details of CVE-2019-14570 and CVE-2019-14569, but this happens only after mitigations are available to everyone. The company also thanked security researcher Alexander Ermolov for reporting the issue in the first place.