Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.
{"hp": [{"lastseen": "2021-12-30T16:03:46", "description": "## Potential Security Impact\nEscalation of Privilege, Denial of Service\n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Intel \n\n## VULNERABILITY SUMMARY\nIntel has informed HP of potential security vulnerabilities in some Intel\u00ae Graphics Drivers which may allow escalation of privilege and/or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.\n\n## RESOLUTION\nIntel has released updates to mitigate the potential vulnerabilities. HP has identified the affected platforms and the corresponding SoftPaqs with minimum versions that mitigate the potential vulnerability. See the affected platforms listed below.\n\nNewer versions might become available and the minimum versions listed below might become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model. \n", "cvss3": {}, "published": "2020-08-06T00:00:00", "type": "hp", "title": "HPSBHF03681 rev. 2 - Intel\u00ae Graphics Drivers August 2020 Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-0510", "CVE-2020-0513", "CVE-2020-8681", "CVE-2020-8680", "CVE-2020-8679", "CVE-2020-0512", "CVE-2020-8682", "CVE-2020-8683"], "modified": "2020-10-09T00:00:00", "id": "HP:C06716726", "href": "https://support.hp.com/us-en/document/c06716726", "cvss": {"score": "7.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/"}}], "lenovo": [{"lastseen": "2020-10-14T09:02:16", "description": "**Lenovo Security Advisory**: LEN-36229\n\n**Potential Impact:** Escalation of privilege, Denial of service\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier**: CVE-2020-0510, CVE-2020-0512, CVE-2020-0513, CVE-2020-8679, CVE-2020-8680, CVE-2020-8681, CVE-2020-8682, CVE-2020-8683\n\n**Summary Description: **\n\nIntel reported potential security vulnerabilities in Intel Graphics Driver for Windows which may lead to escalation of privilege and/or denial of service.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel recommends updating the Intel Graphics Driver for Windows to the latest version (or newer) as indicated for your model in the Product Impact section below.\n\n**Affected Products:**\n\nTo download the version specified for your product below, follow these steps:\n\nNavigate to the Drivers & Software support site for your product:\n\n * Lenovo Products (sold worldwide, except in China): [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>)\n * Lenovo Products (sold in China): <https://newsupport.lenovo.com.cn/>\n * IBM-branded System x Legacy Products: <https://www.ibm.com/support/fixcentral/>\n 1. Search for your product by name or machine type.\n 2. Click Drivers & Software on the left menu panel.\n 3. Click on Manual Update to browse by Component type.\n 4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nLenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:\n\nPC Products and Software: <https://support.lenovo.com/us/en/solutions/ht504759>\n\nServer and Enterprise Software: <https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd> and <https://datacentersupport.lenovo.com/us/en/documents/lnvo-center>\n\nClick below links to view affected products:\n\nLenovo Notebook/IdeaPad/ThinkBooks\n\nThinkPad\n\nThinkServer\n\nThinkSystem\n\nReferences:\n\n<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html>\n\nRevision History:\n\nRevision\n\n| \n\nDate\n\n| \n\nDescription \n \n---|---|--- \n4 | 2020-10-12 | Updated Lenovo Notebook and ThinkPad \n3 | 2020-09-17 | Updated ThinkPad \n2 | 2020-09-10 | Updated Lenovo Notebook and ThinkPad \n \n1\n\n| \n\n2020-08-11\n\n| \n\nInitial release \n \nFor a complete list of all Lenovo Product Security Advisories, click [here](<https://support.lenovo.com//product_security/home>).\n\nFor the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an \u201cas is\u201d basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-07T15:39:11", "type": "lenovo", "title": "Intel Graphics Driver for Windows - Lenovo Support US", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0510", "CVE-2020-8680", "CVE-2020-8682", "CVE-2020-0513", "CVE-2020-8679", "CVE-2020-8683", "CVE-2020-0512", "CVE-2020-8681"], "modified": "2020-10-12T16:02:20", "id": "LENOVO:PS500338-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500338", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-11T16:37:29", "description": "**Lenovo Security Advisory**: LEN-36229\n\n**Potential Impact:** Escalation of privilege, Denial of service\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier**: CVE-2020-0510, CVE-2020-0512, CVE-2020-0513, CVE-2020-8679, CVE-2020-8680, CVE-2020-8681, CVE-2020-8682, CVE-2020-8683\n\n**Summary Description: **\n\nIntel reported potential security vulnerabilities in Intel Graphics Driver for Windows which may lead to escalation of privilege and/or denial of service.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel recommends updating the Intel Graphics Driver for Windows to the latest version (or newer) as indicated for your model in the Product Impact section below.\n\n**Affected Products:**\n\nTo download the version specified for your product below, follow these steps:\n\nNavigate to the Drivers & Software support site for your product:\n\n * Lenovo Products (sold worldwide, except in China): [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>)\n * Lenovo Products (sold in China): <https://newsupport.lenovo.com.cn/>\n * IBM-branded System x Legacy Products: <https://www.ibm.com/support/fixcentral/>\n 1. Search for your product by name or machine type.\n 2. Click Drivers & Software on the left menu panel.\n 3. Click on Manual Update to browse by Component type.\n 4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nLenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:\n\nPC Products and Software: <https://support.lenovo.com/us/en/solutions/ht504759>\n\nServer and Enterprise Software: <https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd> and <https://datacentersupport.lenovo.com/us/en/documents/lnvo-center>\n\nClick below links to view affected products:\n\nLenovo Notebook/IdeaPad/ThinkBooks\n\nThinkPad\n\nThinkServer\n\nThinkSystem\n\nReferences:\n\n<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html>\n\nRevision History:\n\nRevision\n\n| \n\nDate\n\n| \n\nDescription \n \n---|---|--- \n19 | 2022-02-07 | Updated ThinkPad \n18 | 2021-10-01 | Updated Lenovo Notebook \n17 | 2021-08-09 | Updated Lenovo Notebook \n16 | 2021-07-23 | Updated Lenovo Notebook \n15 | 2021-07-13 | Updated Lenovo Notebook, ThinkServer, ThinkSystem \n14 | 2021-06-15 | Updated Lenovo Notebook \n13 | 2021-05-20 | Updated Lenovo Notebook \n12 | 2021-05-10 | Updated Lenovo Notebook \n11 | 2021-04-02 | Updated Lenovo Notebook \n10 | 2021-03-09 | Updated Lenovo Notebook, ThinkPad \n9 | 2021-02-01 | Updated Lenovo Notebook \n8 | 2021-01-12 | Updated Lenovo Notebook \n7 | 2020-12-07 | Updated Lenovo Notebook, ThinkPad \n6 | 2020-11-10 | Updated ThinkPad \n5 | 2020-11-05 | Updated Lenovo Notebook and ThinkPad \n4 | 2020-10-12 | Updated Lenovo Notebook and ThinkPad \n3 | 2020-09-17 | Updated ThinkPad \n2 | 2020-09-10 | Updated Lenovo Notebook and ThinkPad \n \n1\n\n| \n\n2020-08-11\n\n| \n\nInitial release \n \nFor a complete list of all Lenovo Product Security Advisories, click [here](<https://support.lenovo.com//product_security/home>).\n\nFor the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an \u201cas is\u201d basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-07T15:39:11", "type": "lenovo", "title": "Intel Graphics Driver for Windows - Lenovo Support NL", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0510", "CVE-2020-8680", "CVE-2020-8682", "CVE-2020-0513", "CVE-2020-8679", "CVE-2020-8683", "CVE-2020-0512", "CVE-2020-8681"], "modified": "2021-08-09T18:15:46", "id": "LENOVO:PS500338-INTEL-GRAPHICS-DRIVER-FOR-WINDOWS-NOSID", "href": "https://support.lenovo.com/nl/nl/product_security/ps500338-intel-graphics-driver-for-windows", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "intel": [{"lastseen": "2023-02-08T18:04:15", "description": "### Summary: \n\nPotential security vulnerabilities in some Intel\u00ae Graphics Drivers may allow escalation of privilege and/or denial of service.** **Intel is releasing software updates to mitigate these potential vulnerabilities.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-0510](<https://vulners.com/cve/CVE-2020-0510>)\n\nDescription: Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H>)\n\nCVEID: [CVE-2020-0513](<https://vulners.com/cve/CVE-2020-0513>)\n\nDescription: Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-8681](<https://vulners.com/cve/CVE-2020-8681>)\n\nDescription: Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-8680](<https://vulners.com/cve/CVE-2020-8680>)\n\nDescription: Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-8679](<https://vulners.com/cve/CVE-2020-8679>)\n\nDescription: Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-0515](<https://vulners.com/cve/CVE-2020-0515>)\n\nDescription: Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-0512](<https://vulners.com/cve/CVE-2020-0512>)\n\nDescription: Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 5.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)\n\nCVEID: [CVE-2020-8682](<https://vulners.com/cve/CVE-2020-8682>)\n\nDescription: Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. \n\n\nCVSS Base Score: 5.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)\n\nCVEID: [CVE-2020-8683](<https://vulners.com/cve/CVE-2020-8683>)\n\nDescription: Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 5.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)\n\n### Affected Products:\n\nIntel\u00ae Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th Generation Intel\u00ae Processors for Windows* 7, 8.1 and 10 before versions 15.33.50.5129, 15.40.45.5126, 15.45.31.5127, and 26.20.100.7755.\n\n### Recommendations:\n\nIntel recommends updating Intel\u00ae Graphics Drivers for Windows to latest version.\n\nUpdates are available for download at this location:\n\n<https://downloadcenter.intel.com/search?keyword=intel+graphics>\n\n### Acknowledgements:\n\nIntel would like to thank Stefan Kanthak for reporting CVE-2020-0515 and Ori Nimron (@orinimron123) for reporting the rest of the issues.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "intel", "title": "Intel\u00ae Graphics Drivers\u00a0Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-0510", "CVE-2020-0512", "CVE-2020-0513", "CVE-2020-0515", "CVE-2020-8679", "CVE-2020-8680", "CVE-2020-8681", "CVE-2020-8682", "CVE-2020-8683"], "modified": "2020-08-11T00:00:00", "id": "INTEL:INTEL-SA-00369", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2020-8680
