Security Advisory: Intel(R) MPSS affected by Shellshock bug

Security Advisory: Intel(R) MPSS affected by Shellshock bug


Recently there was a critical vulnerability exposed in the GNU* Bourne-Again Shell (Bash), the common command-line shell used in many Linux*/UNIX operating system.   This vulnerability also affects the operating system used for the Intel(R) Xeon Phi(tm) Coprocessor.  

Several Intel(R) MPSS Hotfixes will be released that address all six of the known CVEs related to the newly-discovered Bash vulnerabilities (CVE-2014-6721, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6728) and corresponds to patch level 052 of the Bash ver. 4.2 as published by 

Intel(R) MPSS 3.1-x, 3.2-x, 3.3-x and 3.4-x are all affected, as well as previous MPSS 2.x releases.

No patches will be released for obsolete releases (MPSS 2.x).   As a workaround, it is possible to re/cross-compile a bash from patched sources.

Patches for MPSS 3.3 (Linux) were recently released (see )

Patches for MPSS 3.3 (Windows), 3.4, 3.1 and 3.2 will follow soon.  We will update this forum thread when they are available.

Customers can verify the vulnerability mitigation by running checkers on the Xeon Phi Coprocessor OS, such as Bashcheck,, or another relevant shell-script-based checker of their choice.

Please let us know if you have any questions!


4 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Patches for MPSS 3.3 (Windows) have been posted - see


Patches for MPSS 3.4 are now posted

Patches for the older 3.1.x and 3.2.x releases are posted on the MPSS Archive page at

the versions to get are 3.1.7 and 3.2.5


Leave a Comment

Please sign in to add a comment. Not a member? Join today