Intel, AMD, Zoom and Splunk have each released security advisories on the first Patch Tuesday of 2024 to inform customers about vulnerabilities found in their products.
Intel has published three new advisories announcing patches. Two of them describe a total of six high-severity and one medium-severity local privilege escalation vulnerabilities in NUC BIOS firmware.
The chip giant has also informed customers about four privilege escalation and denial-of-service (DoS) vulnerabilities in NUC software. All of the flaws require local access for exploitation.
AMD has published one new advisory this Patch Tuesday to announce that no mitigation is planned for a low-severity issue involving SEV-SNP.
“A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled,” the company explained. “For example, a software-based debugger generating hardware-based exceptions for the purpose of debugging may not see the exceptions delivered to the VM guest.”
Splunk has released four new advisories. One of them informs customers about seven critical- and high-severity vulnerabilities patched in Splunk Enterprise Security with third-party package updates.
Another advisory covers six high-severity flaws patched in User Behavior Analytics with third-party package updates.
The company has also patched two medium-severity vulnerabilities in Enterprise Security. The flaws allow an authenticated attacker to cause a DoS condition to an investigation.
Zoom has published one advisory to inform customers that Zoom Desktop, VDI Client and SDKs for Windows are affected by a high-severity flaw that could allow an authenticated attacker to escalate privileges via local access. Patches have been released.