Intel today released security updates for two of its products, to fix vulnerabilities that could lead to privilege escalation, denial of service, and information disclosure.

One of the flaws affects its Solid State Drives for Data Centers that run a firmware version before SCV10150. The products impacted are SSD DC S4500 Series and SSD DC S4600 Series.

The vulnerability has a medium severity score of 5.3 and can potentially be used by an attacker to increase their privileges on the system.

It is caused by improper authentication and can be exploited via physical access. While this dampens the risk, a determined attacker may still be able to leverage it.

Multi-effect bug in Diagnostic tool

A more serious vulnerability that affects Intel's Processor Diagnostic Tool can give a threat actor increased privileges on the system, allow them to cause a denial-of-service condition, or to obtain information that should not be available to them.

The software is used to check the functionality of an Intel processor, such as its operating frequency, test certain features, as well as run stress tests on it to verify its stability.

With a severity mark of 8.2, the flaw was discovered by Jesse Michael of Eclypsium, a firmware and hardware security firm known for discovering new methods of attack based on corrupting or compromising firmware in critical components.

Intel labels the flaw in Processor Diagnostic Tool as an improper access control that could be exploited by an authenticated user. All versions of the utility prior to 4.1.2.24 are affected.

Users are recommended to update to the latest version provided by the vendor.

The Department of Homeland Security advises all users and administrators with systems affected by the two vulnerabilities to install the necessary updates from Intel.