Aobo Wang

**Name of the Vulnerable Software and Affected Versions** ASUS motherboard series (affected versions not specified) **Description** An out-of-bounds read issue exists in the asComSvc service. Sending specially crafted requests can trigger this issue, potentially causing a service crash or partial loss of functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified) Description: A vulnerability allows attackers to obtain sensitive information and affect the system. The Windows Kernel generates error messages containing sensitive information, potentially allowing a locally authorized attacker to disclose information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD Crash Defender (affected versions not specified) **Description** Improper removal of sensitive information before storage or transfer in AMD Crash Defender could allow an attacker to obtain kernel address information, potentially resulting in loss of confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) QuickAssist Technology versions prior to 2.2.0 **Description** The issue is related to an out-of-bounds write that may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Thread Director Visualizer version 1.0.0 **Description** The issue concerns an uncontrolled search path in the Intel(R) Thread Director Visualizer software. This could potentially allow an authenticated user to enable escalation of privilege via local access. **Recommendations** For Intel(R) Thread Director Visualizer version 1.0.0, update to version 1.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) MLC versions prior to v3.11b **Description** The issue concerns a NULL pointer dereference that may allow an authenticated user to potentially enable denial of service via local access. This could be achieved through the exploitation of the NULL pointer dereference in the software. **Recommendations** For versions prior to v3.11b, update to version v3.11b or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) QAT software versions prior to 2.0.5 **Description** The issue is related to an untrusted pointer dereference in the I/O subsystem, which may allow an authenticated user to potentially enable information disclosure via local operating system access. **Recommendations** For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) QuickAssist Technology software versions prior to 2.2.0 **Description** The issue is related to improper input validation, which may allow an authenticated user to potentially enable denial of service via local access. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the Intel(R) RAID Web Console software. This flaw may allow an authenticated user to potentially enable denial of service via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console all versions **Description** The issue is related to improper access control in the Intel(R) RAID Web Console, which may allow an authenticated user to potentially enable information disclosure via local access. This could permit an attacker to disclose protected information. **Recommendations** For all versions of Intel(R) RAID Web Console, consider restricting local access to the console until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console software all versions **Description** The issue is related to an uncaught exception in the Intel(R) RAID Web Console software, which may allow an authenticated user to potentially enable denial of service via local access. This is due to an error in handling exceptional states. Exploitation of this issue can lead to a denial of service. The vulnerability is exploitable via local access and poses a serious risk to system stability and data. **Recommendations** For all versions of Intel(R) RAID Web Console software, consider temporarily disabling local access to the software until a patch is available. Restrict access to the Intel(R) RAID Web Console to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console software for all versions **Description** The issue is related to improper access control in the Intel(R) RAID Web Console software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could permit a malicious user to elevate their privileges. **Recommendations** For all versions of Intel(R) RAID Web Console software, consider restricting local access to the software until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console software for all versions **Description** The issue is related to improper access control in the Intel(R) RAID Web Console software, which may allow an authenticated user to potentially enable denial of service via adjacent access. This could be exploited by a remote attacker to cause a denial of service. **Recommendations** For all versions, consider restricting access to the Intel(R) RAID Web Console software until a patch is available to prevent potential denial of service attacks. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Intel(R) Arc(TM) & Iris(R) Xe Graphics software versions prior to 31.0.101.4824 Description: The issue is related to improper access control in the graphics drivers of Intel microprocessor software, which may allow an authenticated user to potentially enable denial of service via local access. This could result in a service disruption. Recommendations: For versions prior to 31.0.101.4824, update to version 31.0.101.4824 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Graphics Command Center Service versions prior to 31.0.101.3790/31.0.101.2114 **Description** The issue is related to an uncontrolled search path in the Intel(R) Graphics Command Center Service, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 31.0.101.3790/31.0.101.2114, update to version 31.0.101.3790 or 31.0.101.2114 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Power Gadget software for Windows (affected versions not specified) **Description** The issue is related to improper access control in the Intel(R) Power Gadget software for Windows, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Ethernet Controller Administrative Tools versions prior to 28.3 **Description** The issue is related to improper access control in the Intel(R) Ethernet Controller Administrative Tools software. This may allow an authenticated user to potentially enable escalation of privilege via local access. The vulnerability is associated with errors in access control. **Recommendations** For versions prior to 28.3, update to version 28.3 or later to resolve the issue. As a temporary workaround, consider restricting local access to the Intel(R) Ethernet Controller Administrative Tools software until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.13 Description: The issue is related to the `tempfile.mkdtemp()` function in Python, which on Windows, may not always set the correct permissions for the temporary directory, allowing other users to read and write to it. This is due to Python not supporting Unix permissions on Windows. The fix adds support for Unix "700" permissions for the `mkdir` function on Windows, ensuring the newly created directory has the proper permissions. If you are not using Windows or haven't changed the temporary directory location, you are not affected by this issue. On other platforms, the returned directory is consistently readable and writable only by the current user. Recommendations: Update Python to version 3.13 to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory created by `tempfile.mkdtemp()` to minimize the risk of exploitation. Avoid using the `tempfile.mkdtemp()` function on Windows until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Intel One Boot Flash Update (OFU) versions prior to 14.1.31 **Description** The issue is related to a protection mechanism failure in the Intel One Boot Flash Update (OFU) software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could permit an attacker to increase their privileges. **Recommendations** For versions prior to 14.1.31, update to version 14.1.31 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 **Description** The issue is a buffer overflow that may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10, update to version 1.10 or later to resolve the issue.