HP Product Security Response TeamHP:C05917813HPSBHF03578 rev. 5 - Intel Graphics Driver - Pointer Dereference / Type Confusion in HECI Service
0.001 Low
EPSS
Percentile
32.0%
Potential Security Impact
Elevation of Privilege
Source: HP, HP Security Response Team (PSIRT)
Reported by: Intel
VULNERABILITY SUMMARY
CVE-2017-5717: The Intel® Content Protection HECI Service has a Type Confusion vulnerability which potentially can lead to a privilege escalation. The HECI service software is distributed as part of the Intel Graphics Driver, and is used by the graphics driver to provide premium content playback services.
CVE-2017-5727: The Intel® Graphics Drivers for Windows Code can fail to adequately validate a pointer input. This may lead to modification of kernel memory and a potential for an escalation of privilege.
> note:
>
> Third party marks and brands are the property of their respective owners.
RESOLUTION
HP is working to update the affected systems. Schedules for these updates will be provided via this bulletin. Impacted HP products are shown in the table below. We will update the table as softpaqs become available. Check back frequently for updates.
Related
