Intel Security CenterINTEL:INTEL-SA-00864Intel® Graphics Drivers Advisory
Summary:
Potential security vulnerabilities in some Intel® Graphics drivers may allow escalation of privilege, denial of service and information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.
Vulnerability Details:
CVEID: CVE-2023-29165
Description: Unquoted search path or element in some Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEID: CVE-2023-27305
Description: Incorrect default permissions in some Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEID: CVE-2023-25952
Description: Out-of-bounds write in some Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 6.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2022-42879
Description: NULL pointer dereference in some Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 6.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2023-25071
Description: NULL pointer dereference in some Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 5.6 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CVEID: CVE-2023-28401
Description: Out-of-bounds write in some Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.2 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CVEID: CVE-2023-28404
Description: Out-of-bounds read in the Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows Drivers before version 31.0.101.4255.
Recommendation:
Intel recommends updating Intel® Arc™ & Iris® Xe Graphics - WHQL - Windows Drivers to version 31.0.101.4255 or later.
Updates are available for download at this location:
Acknowledgements:
Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2023-25952, CVE-2022-42879), Falcon Corruption @falconCorrup (CVE-2023-27305), Angry1iz4rd (CVE-2023-29165) for reporting these issues.
The following issues were found externally CVE-2023-28404, CVE-2023-28404, CVE-2023-28401, CVE-2023-25071 and CVE-2023-28401.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
Related
