Intel Graphics Drivers Vulnerabilities - US

Lenovo Security Advisory: LEN-15570

**Potential Impact:**Privilege escalation, modification of kernel memory

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2017-5696, CVE-2017-5727, CVE-2017-5717, CVE-2017-5692

Summary Description:

Intel has issued multiple advisories related to its standard graphics drivers, which are combined here as they all require the same mitigation for customers.

Intel issued advisory SA-00080 for its Intel Graphics Drivers for Windows versions 15.45.xx.xxxx (also known as 21.20.xx.xxxx), which contain an untrusted search path which allows a local attacker to execute code with escalated privilege.

Intel issued advisory SA-00089 for multiple Windows graphics driver branches regarding inadequate pointer input validation, allowing potential modification of kernel memory and privilege escalation.

Intel issued advisory SA-00095 for multiple Windows graphics driver branches regarding a type confusion vulnerability in the HECI service potentially leading to privilege escalation.

Mitigation Strategy for Customers (what you should do to protect yourself):

Intel recommends upgrading to the graphics driver version (or newer) indicated for your model in the Product Impact section below.

Product Impact: