Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00315
HistoryMar 10, 2020 - 12:00 a.m.

Intel® Graphics Drivers Advisory

2020-03-1000:00:00
Intel Security Center
www.intel.com
31
JSON

Summary:

Potential security vulnerabilities in Intel® Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure.** **Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-0502

Description: Improper access control in Intel® Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H


CVEID: CVE-2020-0504

Description: Buffer overflow in Intel® Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.

CVSS Base Score: 8.4 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2020-0516

Description: Improper access control in Intel® Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 7.9 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

CVEID: CVE-2020-0519

Description: Improper access control for Intel® Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

CVEID: CVE-2020-0520

Description: Path traversal in igdkmd64.sys for Intel® Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

CVEID: CVE-2020-0505

Description: Improper conditions check in Intel® Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

CVEID: CVE-2020-0501

Description: Buffer overflow in Intel® Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

CVEID: CVE-2020-0565

Description: Uncontrolled search path in Intel® Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2020-0514

Description: Improper default permissions in the installer for Intel® Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2020-0508

Description: Incorrect default permissions in the installer for Intel® Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2020-0511

Description: Uncaught exception in system driver for Intel® Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2020-0503

Description: Improper access control in Intel® Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2020-0567

Description: Improper input validation in Intel® Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2020-0507

Description: Unquoted service path in Intel® Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 4.4 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2020-0517

Description: Out-of-bounds write in Intel® Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.

CVSS Base Score: 4.2 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

CVEID: CVE-2020-0506

Description: Improper initialization in Intel® Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 3.2 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

_ _

Affected Products:

Intel® Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th, 10th Generation Intel® Processors for Windows* 7, 8.1, and 10 before versions 15.40.44.5107, 15.45.29.5103, 26.20.100.7584, 15.33.49.5100 and 15.36.38.5117.

Recommendations:

Intel recommends updating Intel® Graphics Drivers for Windows* to latest version.

Updates are available for download at this location:

<https://downloadcenter.intel.com/search?keyword=intel+graphics&gt;

Acknowledgements:

Intel would like to thank Ori Nimron (@orinimron123) (CVE-2020-0503, CVE-2020-0504, CVE-2020-0506, CVE-2020-0511, CVE-2020-0519, CVE-2020-0520), Anonymous (CVE-2020-0507), DrX (CVE-2020-0508), Jimmy Bayne (CVE-2020-0514), Zhiniang Peng (CVE-2020-0516), RanchoIce of Tencent Security ZhanluLab (CVE-2020-0517), Eran Shimony (CVE-2020-0565), and Wei Lei (CVE-2020-0567) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

hp 1
lenovo 2
threatpost 2
cve 16
prion 16
openvas 1
hp
hp
HPSBHF03658 rev. 3 - Intel® Graphics Drivers March 2020 Security Updates
2020-03-09 00:00:00
lenovo
lenovo
Intel Graphics Driver for Windows - Lenovo Support US
2020-03-06 19:35:22
Intel Graphics Driver for Windows - Lenovo Support NL
2020-03-06 19:35:22
threatpost
threatpost
High-Severity Flaws Plague Intel Graphics Drivers
2020-03-10 18:08:36
High-Severity Flaws Plague Intel Graphics Drivers
2020-03-10 18:08:36
cve
cve
CVE-2020-0514
2020-03-12 20:15:00
CVE-2020-0516
2020-03-12 20:15:00
CVE-2020-0511
2020-03-12 20:15:00
prion
prion
Input validation
2020-03-12 20:15:00
Design/Logic Flaw
2020-03-12 20:15:00
Cross site scripting
2020-03-12 20:15:00
openvas
openvas
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00
JSON
Related for INTEL:INTEL-SA-00315
hp1lenovo2threatpost2cve16prion16openvas1