Intel, Nvidia and Microsoft Products Vulnerable to Log4Shell RCE, AMD Unaffected

AMD said its software products are protected from the log4j vulnerability.

Intel Log4j vulnerability

The recently discovered Log4Shell vulnerability in the open-source Java library Log4j has caused alarm in the cybersecurity community since its exploitation allows you to remotely execute commands on the system. The vulnerability compromises any system that can be accessed directly from a browser, mobile device, or API call.

Companies such as Intel, NVIDIA and Microsoft have not been spared the problem. Intel has listed as many as nine Java applications that currently contain the vulnerability: Intel Audio Development Kit, Intel Datacenter Manager, Intel one API sample browser plugin for Eclipse, Intel System Debugger, Intel Secure Device Onboard, Intel Genomics Kernel Library, Intel System Studio, Computer Vision Annotation Tool and Intel Sensor Solution Firmware Development Kit. The company is working on the release of fixed versions of applications that eliminate the Log4Shell vulnerability.

Based on a preliminary investigation of AMD products, the company did not find the vulnerability present. However, given the potential impact of the issue, AMD is "continuing its analysis."

The situation with Nvidia is a little more complicated - the latest releases of the company's applications do not contain an exploitable vulnerability, but server managers do not always install the latest updates on their devices. For such cases, the company has listed four separate products that are vulnerable to Log4Shell when legacy versions are in use: CUDA Toolkit Visual Profiler and Nsight Eclipse Edition, DGX Systems, NetQ, and vGPU Software License Server

Microsoft has released updates for two of its products that contain the Log4Shell vulnerability: Azure Spring Cloud (uses certain Log4J elements during boot) and Microsoft Azure DevOps.

Read Also
Post a Comment