Intel Security Center: INTEL-SA-00438
History: Feb 19, 2021 - 12:00 a.m.

Intel® Graphics Drivers Advisory

www.intel.com

Summary:

Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-0544

Description: Insufficient control flow management in the kernel mode driver for some Intel® Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-0521

Description: Insufficient control flow management in some Intel® Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.7 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CVEID: CVE-2020-12362

Description: Integer overflow in the firmware for some Intel® Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12361

Description: Use after free in some Intel® Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

CVEID: CVE-2020-24450

Description: Improper conditions check in some Intel® Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

CVEID: CVE-2020-24462

Description: Out of bounds write in the Intel® Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CVEID: CVE-2020-8678

Description: Improper access control for Intel® Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2020-0518

Description: Improper access control in the Intel® HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2020-12367

Description: Integer overflow in some Intel® Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L

CVEID: CVE-2020-12368

Description: Integer overflow in some Intel® Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L

CVEID: CVE-2020-12369

Description: Out of bounds write in some Intel® Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L

CVEID: CVE-2020-12385

Description: Improper input validation in some Intel® Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L

CVEID: CVE-2020-12365

Description: Untrusted pointer dereference in some Intel® Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2020-12366

Description: Insufficient input validation in some Intel® Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CVEID: CVE-2020-24448

Description: Uncaught exception in some Intel® Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2020-12386

Description: Out-of-bounds write in some Intel® Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 4.2 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

CVEID: CVE-2020-12384

Description: Improper access control in some Intel® Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVEID: CVE-2020-12363

Description: Improper input validation in some Intel® Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 1.9 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-12364

Description: Null pointer reference in some Intel® Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 1.9 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-12370

Description: Untrusted pointer dereference in some Intel® Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 1.9 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-12371

Description: Divide by zero in some Intel® Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 1.9 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-12372

Description: Unchecked return value in some Intel® Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 1.9 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-12373

Description: Expired pointer dereference in some Intel® Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 1.9 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Affected Products:

Intel® Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th Generation Intel® Processors for Windows* 7, 8.1 and 10 before versions 15.33.51.5146, 15.36.39.5145, 15.40.46.5144, 15.45.32.5164, 26.20.100.8141, 27.20.100.8587 and Intel® Graphics Drivers for Linux before Linux kernel version 5.5.

Recommendation:

Intel recommends updating the Intel® Graphics Drivers to the latest version.

Updates are available for download at this location:

For Windows*:

<https://downloadcenter.intel.com/search?keyword=intel+graphics>

For Linux:

Contact your Linux distribution provider for updates.

Acknowledgements:

Intel would like to thank Ori Nimron (@orinimron123) (CVE-2020-12365 and CVE-2020-24448), j0bounties (CVE-2020-12361), Rancho Han of Singular Security Lab (CVE-2020-12386), Jamie Brown, Dean McKinnel, John Tear (CVE-2020-8678), Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security & Fangming Gu (CVE-2020-0518), Nassim Asrir (CVE-2020-12384), Linshuang Li (CVE-2020-12366, CVE-2020-24450) and Nicola Stauffer (CVE-2020-24462) for reporting these issues.

Intel would like to thank employees Sunny Rajasekaran and Steffen Schulz (CVE-2020-12367, CVE-2020-12368, CVE-2020-12369, CVE-2020-12370, CVE-2020-12371, CVE-2020-12372, CVE-2020-12373), Jared Candeleria (CVE-2020-12362, CVE-2020-12363, CVE-2020-12364) and Will Burton (CVE-2020-0521, CVE-2020-12385).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.