Zero-Day Advisory
Fortinet Discovers Intel Trace Analyzer and Collector Memory Corruption Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Memory Corruption vulnerability in Intel Trace Analyzer and Collector 2019.
Intel Trace Analyzer and Collector is a Windows & Linux graphical tool to understand MPI application behavior across its full run-time. It helps users to find temporal dependencies and bottlenecks in code, check the correctness of applications, locate potential programming errors, buffer overlaps, and deadlocks, visualize and understand parallel application behavior, evaluate profiling statistics and load balancing, analyze performance of subroutines or code blocks, learn about communication patterns, parameters, and performance data, identify communication hot spots, decrease time to solution and increase application efficiency. It is shipped individually and also as part of the Intel Parallel Studio product.
A memory corruption vulnerability has been discovered in Intel Trace Analyzer and Collector. The vulnerability is caused by a crafted stf trace file which causes an out-of-bounds memory write access. It could allow malicious users to create code execution scenarios.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:Intel.Trace.Analyzer.Collector.FG-VD-19-010.Memory.Corruption
Released Jan 02, 2020
Users should apply the solution provided by Intel.
Timeline
Fortinet reported the vulnerability to Intel on January 21, 2019.
Intel confirmed the vulnerability on January 29, 2019.
Intel patched the vulnerability on January 2, 2020.