Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00481
HistoryNov 09, 2021 - 12:00 a.m.

Intel® Core™ Processors with Radeon™ RX Vega M GL Graphics Advisory

2021-11-0900:00:00
Intel Security Center
www.intel.com
11
JSON

Summary:

Potential security vulnerabilities in some Intel® Core™ processors with Radeon™ RX Vega M GL integrated graphics may allow escalation of privilege, denial of service or information disclosure. Intel and AMD are releasing driver updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12902 (Non-Intel issued)

Description: Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Severity: High****

CVEID: CVE-2020-12980 (Non-Intel issued)

Description: An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Severity: High

CVEID: CVE-2020-12981 (Non-Intel issued)

Description: An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.

Severity: High

CVEID: CVE-2020-12982 (Non-Intel issued)

Description: An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Severity: High

CVEID: CVE-2020-12983 (Non-Intel issued)

Description: An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.

Severity: High

CVEID: CVE-2020-12985 (Non-Intel issued)

Description: An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Severity: High

CVEID: CVE-2020-12986 (Non-Intel issued)

Description: An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.

Severity: High

CVEID: CVE-2020-12893 (Non-Intel issued)

Description: Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.

Severity: High

CVEID: CVE-2020-12894 (Non-Intel issued)

Description: Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.

Severity: High

CVEID: CVE-2020-12895 (Non-Intel issued)

Description: Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.

Severity: High

CVEID: CVE-2020-12898 (Non-Intel issued)

Description: Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Severity: High

CVEID: CVE-2020-12900 (Non-Intel issued)

Description: An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.

Severity: High

CVEID: CVE-2020-12901 (Non-Intel issued)

Description: Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.

Severity: High

CVEID: CVE-2020-12903 (Non-Intel issued)

Description: Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.

Severity: High

CVEID: CVE-2020-12892 (Non-Intel issued)

Description: An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.

Severity: Medium

CVEID: CVE-2020-12987 (Non-Intel issued)

Description: A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.

Severity: Medium

CVEID: CVE-2020-12904 (Non-Intel issued)

Description: Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.

Severity: Medium

CVEID: CVE-2020-12905 (Non-Intel issued)

Description: Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.

Severity: Medium

CVEID: CVE-2020-12964 (Non-Intel issued)

Description: A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.

Severity: Medium

CVEID: CVE-2020-12899 (Non-Intel issued)

Description: Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.

Severity: Medium

CVEID: CVE-2020-12897 (Non-Intel issued)

Description: Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.

Severity: Medium

CVEID: CVE-2020-12963 (Non-Intel issued)

Description: An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.

Severity: Medium

CVEID: CVE-2021-33105

Description: Out-of-bounds read in some Intel® Core™ processors with Radeon™ RX Vega M GL integrated graphics before version 21.10 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N****

Affected Products:

Intel® Core™ i5-8305G Processor with Radeon™ RX Vega M GL graphics before version 21.10.

Intel® Core™ i7-8706G Processor with Radeon™ RX Vega M GL graphics before version 21.10.

Intel® Graphics Driver for Windows® 10 64-bit for NUC8i7HNK, NUC8i7HVK before version 21.10.

Recommendations:

Intel recommends updating graphics driver software for Intel® Core™ processors with Radeon™ RX Vega M GL integrated graphics to version 21.10 or later.

Updates are available for download at this location:

For Intel® NUCs NUC8i7HNK and NUC8i7HVK, with Radeon™ RX Vega M Graphics Driver for Windows® 10 64-bit:

<https://www.intel.com/content/www/us/en/download/19269/648069/radeon-rx-vega-m-graphics-driver-for-windows-10-64-bit-for-nuc8i7hnk-nuc8i7hvk.html&gt;

For all other Intel® Core™ processors with Radeon™ RX Vega M Graphics:

<https://www.intel.com/content/www/us/en/download/19282/30534/radeon-rx-vega-m-graphics.html&gt;

Acknowledgements:

Intel would like to thank Ori Nimron (@orinimron123) for reporting these issues as well Eran Shimony of CyberArk Labs for reporting CVE-2020-12892.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

hp 1
amd 1
prion 23
cve 23
cnvd 3
hp
hp
AMD® Graphics Driver November 2021 Security Updates
2021-11-09 00:00:00
amd
amd
AMD Graphics Driver for Windows 10
2021-11-09 00:00:00
prion
prion
Information disclosure
2021-11-15 20:15:00
Input validation
2021-11-15 16:15:00
Cross site scripting
2021-11-15 20:15:00
cve
cve
CVE-2020-12981
2021-06-11 22:15:00
CVE-2020-12903
2021-11-15 20:15:00
CVE-2020-12963
2021-11-15 16:15:00
cnvd
cnvd
AMD Graphics Driver has an unspecified vulnerability (CNVD-2021-100385)
2021-12-10 00:00:00
AMD Graphics Driver Resource Management Error Vulnerability
2021-12-10 00:00:00
AMD Graphics Driver has an unspecified vulnerability (CNVD-2021-100384)
2021-12-10 00:00:00
JSON
Related for INTEL:INTEL-SA-00481
hp1amd1prion23cve23cnvd3