Intel Graphics Driver for Windows - Lenovo Support US

2020-03-06T19:35:22

Description

**Lenovo Security Advisory:** LEN-30555 **Potential Impact**: Escalation of privilege, denial of service and/or information disclosure **Severity:** High **Scope of Impact:** Industry-wide **CVE Identifier:** CVE-2020-0501, CVE-2020-0502, CVE-2020-0503, CVE-2020-0504, CVE-2020-0505, CVE-2020-0506, CVE-2020-0507, CVE-2020-0508, CVE-2020-0511, CVE-2020-0514, CVE-2020-0515, CVE-2020-0516, CVE-2020-0517, CVE-2020-0519, CVE-2020-0520, CVE-2020-0565, CVE-2020-0567 **Summary Description: ** Intel reported potential security vulnerabilities in Intel Graphics Driver for Windows which may lead to escalation of privilege, denial of service and/or information disclosure. **Mitigation Strategy for Customers (what you should do to protect yourself): ** Intel recommends updating the Intel Graphics Driver for Windows to the latest version (or newer) as indicated for your model in the Product Impact section below. **** **Product Impact:** To download the version specified for your product below, follow these steps: 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/> 2. Searching for your product by name or machine type. 3. Click Drivers & Software on the left menu panel. 4. Click on Manual Update to browse by Component type. 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site. Alternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.

{"id": "LENOVO:PS500318-NOSID", "vendorId": null, "type": "lenovo", "bulletinFamily": "info", "title": "Intel Graphics Driver for Windows - Lenovo Support US", "description": "**Lenovo Security Advisory:** LEN-30555\n\n**Potential Impact**: Escalation of privilege, denial of service and/or information disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2020-0501, CVE-2020-0502, CVE-2020-0503, CVE-2020-0504, CVE-2020-0505, CVE-2020-0506, CVE-2020-0507, CVE-2020-0508, CVE-2020-0511, CVE-2020-0514, CVE-2020-0515, CVE-2020-0516, CVE-2020-0517, CVE-2020-0519, CVE-2020-0520, CVE-2020-0565, CVE-2020-0567\n\n**Summary Description: **\n\nIntel reported potential security vulnerabilities in Intel Graphics Driver for Windows which may lead to escalation of privilege, denial of service and/or information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel recommends updating the Intel Graphics Driver for Windows to the latest version (or newer) as indicated for your model in the Product Impact section below.\n\n****\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. Searching for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "published": "2020-03-06T19:35:22", "modified": "2020-09-30T20:10:21", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4}, "href": "https://support.lenovo.com/us/en/product_security/ps500318", "reporter": "Lenovo", "references": [], "cvelist": ["CVE-2020-0520", "CVE-2020-0502", "CVE-2020-0506", "CVE-2020-0503", "CVE-2020-0507", "CVE-2020-0501", "CVE-2020-0567", "CVE-2020-0516", "CVE-2020-0504", "CVE-2020-0515", "CVE-2020-0565", "CVE-2020-0519", "CVE-2020-0508", "CVE-2020-0505", "CVE-2020-0514", "CVE-2020-0511", "CVE-2020-0517"], "immutableFields": [], "lastseen": "2020-10-14T13:01:54", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-0501", "CVE-2020-0502", "CVE-2020-0503", "CVE-2020-0504", "CVE-2020-0505", "CVE-2020-0506", "CVE-2020-0507", "CVE-2020-0508", "CVE-2020-0511", "CVE-2020-0514", "CVE-2020-0515", "CVE-2020-0516", "CVE-2020-0517", "CVE-2020-0519", "CVE-2020-0520", "CVE-2020-0565", "CVE-2020-0567"]}, {"type": "hp", "idList": ["HP:C06587734"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00315", "INTEL:INTEL-SA-00369"]}, {"type": "lenovo", "idList": ["LENOVO:PS500318-INTEL-GRAPHICS-DRIVER-FOR-WINDOWS-NOSID"]}, {"type": "threatpost", "idList": ["THREATPOST:9413387DF7BF30AAEC83BA61DEFFC0C9", "THREATPOST:C5ED82A05EB0E622ACB4B62BA37AB2F1"]}]}, "score": {"value": 2.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-0501", "CVE-2020-0502", "CVE-2020-0503", "CVE-2020-0504", "CVE-2020-0505", "CVE-2020-0506", "CVE-2020-0507", "CVE-2020-0508", "CVE-2020-0511", "CVE-2020-0514", "CVE-2020-0515", "CVE-2020-0516", "CVE-2020-0517", "CVE-2020-0519", "CVE-2020-0520", "CVE-2020-0565", "CVE-2020-0567"]}, {"type": "hp", "idList": ["HP:C06587734"]}, {"type": "lenovo", "idList": ["LENOVO:PS500318-INTEL-GRAPHICS-DRIVER-FOR-WINDOWS-NOSID"]}, {"type": "threatpost", "idList": ["THREATPOST:9413387DF7BF30AAEC83BA61DEFFC0C9", "THREATPOST:C5ED82A05EB0E622ACB4B62BA37AB2F1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-0520", "epss": "0.000620000", "percentile": "0.243350000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0502", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0506", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0503", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0507", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0501", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0567", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0516", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0504", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0515", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0565", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0519", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0508", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0505", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0514", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0511", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}, {"cve": "CVE-2020-0517", "epss": "0.000440000", "percentile": "0.102560000", "modified": "2023-03-15"}], "vulnersScore": 2.3}, "_state": {"dependencies": 1660004461, "score": 1683999172, "epss": 1678891487}, "_internal": {"score_hash": "ab80ed58b221e709ae74fcff0571802c"}}

{"lenovo": [{"lastseen": "2021-08-11T16:37:46", "description": "**Lenovo Security Advisory:** LEN-30555\n\n**Potential Impact**: Escalation of privilege, denial of service and/or information disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2020-0501, CVE-2020-0502, CVE-2020-0503, CVE-2020-0504, CVE-2020-0505, CVE-2020-0506, CVE-2020-0507, CVE-2020-0508, CVE-2020-0511, CVE-2020-0514, CVE-2020-0515, CVE-2020-0516, CVE-2020-0517, CVE-2020-0519, CVE-2020-0520, CVE-2020-0565, CVE-2020-0567\n\n**Summary Description: **\n\nIntel reported potential security vulnerabilities in Intel Graphics Driver for Windows which may lead to escalation of privilege, denial of service and/or information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel recommends updating the Intel Graphics Driver for Windows to the latest version (or newer) as indicated for your model in the Product Impact section below.\n\n****\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. Searching for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-03-06T19:35:22", "type": "lenovo", "title": "Intel Graphics Driver for Windows - Lenovo Support NL", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0520", "CVE-2020-0502", "CVE-2020-0506", "CVE-2020-0503", "CVE-2020-0507", "CVE-2020-0501", "CVE-2020-0567", "CVE-2020-0516", "CVE-2020-0504", "CVE-2020-0515", "CVE-2020-0565", "CVE-2020-0519", "CVE-2020-0508", "CVE-2020-0505", "CVE-2020-0514", "CVE-2020-0511", "CVE-2020-0517"], "modified": "2021-07-23T19:04:32", "id": "LENOVO:PS500318-INTEL-GRAPHICS-DRIVER-FOR-WINDOWS-NOSID", "href": "https://support.lenovo.com/nl/nl/product_security/ps500318-intel-graphics-driver-for-windows", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "hp": [{"lastseen": "2021-12-30T16:03:50", "description": "## Potential Security Impact\nEscalation of Privilege, Denial of Service, Information Disclosure.\n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Intel \n\n## VULNERABILITY SUMMARY\nIntel has reported potential security vulnerabilities in Intel\u00ae Graphics Drivers for Windows which may allow escalation of privilege, denial of service and/or information disclosure.\n\n## RESOLUTION\nIntel is releasing software updates to mitigate these potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaq update versions. See the affected platforms listed below. \n", "cvss3": {}, "published": "2020-03-09T00:00:00", "type": "hp", "title": "HPSBHF03658 rev. 3 - Intel\u00ae Graphics Drivers March 2020 Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-0504", "CVE-2020-0516", "CVE-2020-0501", "CVE-2020-0505", "CVE-2020-0519", "CVE-2020-0520", "CVE-2020-0508", "CVE-2020-0514", "CVE-2020-0515", "CVE-2020-0565", "CVE-2020-0503", "CVE-2020-0511", "CVE-2020-0567", "CVE-2020-0502", "CVE-2020-0507", "CVE-2020-0517", "CVE-2020-0506"], "modified": "2020-07-10T00:00:00", "id": "HP:C06587734", "href": "https://support.hp.com/us-en/document/c06587734", "cvss": {"score": "8.4", "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/"}}], "intel": [{"lastseen": "2023-02-08T18:04:16", "description": "### Summary:\n\nPotential security vulnerabilities in Intel\u00ae Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure.** **Intel is releasing software updates to mitigate these potential vulnerabilities.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-0502](<https://vulners.com/cve/CVE-2020-0502>)\n\nDescription: Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 8.8 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H>)\n\n[](<https://vulners.com/cve/CVE-2020-0502>) \nCVEID: [CVE-2020-0504](<https://vulners.com/cve/CVE-2020-0504>)\n\nDescription: Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.\n\nCVSS Base Score: 8.4 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H>) \n\n\nCVEID: [CVE-2020-0516](<https://vulners.com/cve/CVE-2020-0516>)\n\nDescription: Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 7.9 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-0519](<https://vulners.com/cve/CVE-2020-0519>)\n\nDescription: Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L>)\n\nCVEID: [CVE-2020-0520](<https://vulners.com/cve/CVE-2020-0520>)\n\nDescription: Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H>)\n\nCVEID: [CVE-2020-0505](<https://vulners.com/cve/CVE-2020-0505>)\n\nDescription: Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L>)\n\nCVEID: [CVE-2020-0501](<https://vulners.com/cve/CVE-2020-0501>)\n\nDescription: Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access.\n\nCVSS Base Score: 7.3 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H>)\n\nCVEID: [CVE-2020-0565](<https://vulners.com/cve/CVE-2020-0565>)\n\nDescription: Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-0514](<https://vulners.com/cve/CVE-2020-0514>)\n\nDescription: Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-0508](<https://vulners.com/cve/CVE-2020-0508>)\n\nDescription: Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-0511](<https://vulners.com/cve/CVE-2020-0511>)\n\nDescription: Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.\n\nCVSS Base Score: 6.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>)\n\nCVEID: [CVE-2020-0503](<https://vulners.com/cve/CVE-2020-0503>)\n\nDescription: Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 6.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)\n\nCVEID: [CVE-2020-0567](<https://vulners.com/cve/CVE-2020-0567>)\n\nDescription: Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.\n\nCVSS Base Score: 6.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>)\n\nCVEID: [CVE-2020-0507](<https://vulners.com/cve/CVE-2020-0507>) \n\n\nDescription: Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H>)\n\nCVEID: [CVE-2020-0517](<https://vulners.com/cve/CVE-2020-0517>)\n\nDescription: Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.\n\nCVSS Base Score: 4.2 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L>)\n\nCVEID: [CVE-2020-0506](<https://vulners.com/cve/CVE-2020-0506>)\n\nDescription: Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.\n\nCVSS Base Score: 3.2 Low\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L>)\n\n_ _\n\n### Affected Products:\n\nIntel\u00ae Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th, 10th Generation Intel\u00ae Processors for Windows* 7, 8.1, and 10 before versions 15.40.44.5107, 15.45.29.5103, 26.20.100.7584, 15.33.49.5100 and 15.36.38.5117.\n\n### Recommendations:\n\nIntel recommends updating Intel\u00ae Graphics Drivers for Windows* to latest version. \n \n\n\nUpdates are available for download at this location:\n\n<https://downloadcenter.intel.com/search?keyword=intel+graphics>\n\n### Acknowledgements:\n\nIntel would like to thank Ori Nimron (@orinimron123) (CVE-2020-0503, CVE-2020-0504, CVE-2020-0506, CVE-2020-0511, CVE-2020-0519, CVE-2020-0520), Anonymous (CVE-2020-0507), DrX (CVE-2020-0508), Jimmy Bayne (CVE-2020-0514), Zhiniang Peng (CVE-2020-0516), RanchoIce of Tencent Security ZhanluLab (CVE-2020-0517), Eran Shimony (CVE-2020-0565), and Wei Lei (CVE-2020-0567) for reporting these issues.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2020-03-10T00:00:00", "type": "intel", "title": "Intel\u00ae Graphics Drivers Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-0501", "CVE-2020-0502", "CVE-2020-0503", "CVE-2020-0504", "CVE-2020-0505", "CVE-2020-0506", "CVE-2020-0507", "CVE-2020-0508", "CVE-2020-0511", "CVE-2020-0514", "CVE-2020-0516", "CVE-2020-0517", "CVE-2020-0519", "CVE-2020-0520", "CVE-2020-0565", "CVE-2020-0567"], "modified": "2020-03-10T00:00:00", "id": "INTEL:INTEL-SA-00315", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-08T18:04:15", "description": "### Summary: \n\nPotential security vulnerabilities in some Intel\u00ae Graphics Drivers may allow escalation of privilege and/or denial of service.** **Intel is releasing software updates to mitigate these potential vulnerabilities.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-0510](<https://vulners.com/cve/CVE-2020-0510>)\n\nDescription: Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H>)\n\nCVEID: [CVE-2020-0513](<https://vulners.com/cve/CVE-2020-0513>)\n\nDescription: Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-8681](<https://vulners.com/cve/CVE-2020-8681>)\n\nDescription: Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-8680](<https://vulners.com/cve/CVE-2020-8680>)\n\nDescription: Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-8679](<https://vulners.com/cve/CVE-2020-8679>)\n\nDescription: Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 7.1 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>)\n\nCVEID: [CVE-2020-0515](<https://vulners.com/cve/CVE-2020-0515>)\n\nDescription: Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 6.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H>)\n\nCVEID: [CVE-2020-0512](<https://vulners.com/cve/CVE-2020-0512>)\n\nDescription: Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 5.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)\n\nCVEID: [CVE-2020-8682](<https://vulners.com/cve/CVE-2020-8682>)\n\nDescription: Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. \n\n\nCVSS Base Score: 5.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)\n\nCVEID: [CVE-2020-8683](<https://vulners.com/cve/CVE-2020-8683>)\n\nDescription: Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 5.5 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)\n\n### Affected Products:\n\nIntel\u00ae Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th Generation Intel\u00ae Processors for Windows* 7, 8.1 and 10 before versions 15.33.50.5129, 15.40.45.5126, 15.45.31.5127, and 26.20.100.7755.\n\n### Recommendations:\n\nIntel recommends updating Intel\u00ae Graphics Drivers for Windows to latest version.\n\nUpdates are available for download at this location:\n\n<https://downloadcenter.intel.com/search?keyword=intel+graphics>\n\n### Acknowledgements:\n\nIntel would like to thank Stefan Kanthak for reporting CVE-2020-0515 and Ori Nimron (@orinimron123) for reporting the rest of the issues.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2020-08-11T00:00:00", "type": "intel", "title": "Intel\u00ae Graphics Drivers\u00a0Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-0510", "CVE-2020-0512", "CVE-2020-0513", "CVE-2020-0515", "CVE-2020-8679", "CVE-2020-8680", "CVE-2020-8681", "CVE-2020-8682", "CVE-2020-8683"], "modified": "2020-08-11T00:00:00", "id": "INTEL:INTEL-SA-00369", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2020-10-14T22:27:44", "description": "Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service (DoS) and information disclosure.\n\nThe graphics driver is software that controls how graphic components work with the rest of the computer. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. In addition to these six high-severity flaws, [Intel stomped out 17 vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html>) overall in its graphics drivers on Tuesday. Separately, Intel addressed a load value injection (LVI) vulnerability ([CVE-2020-0551](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html>)), which it ranked as medium severity, that [researchers say could allow](<https://lviattack.eu>) attackers to steal sensitive data.\n\nThe most severe of these is a buffer-overflow vulnerability ([CVE-2020-0504](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0504>)) existing in Intel graphic drivers before versions 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. The flaw scores 8.4 out of 10 on the CVSS scale, making it high-severity. If exploited, this flaw \u201cmay allow an authenticated user to potentially enable a denial of service via local access,\u201d said Intel.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)\n\nA [buffer overflow](<https://cwe.mitre.org/data/definitions/122.html>) is a type of flaw where a buffer (a region in physical memory storage used to temporarily store data while it is being moved) that can be overwritten is allocated in the heap portion of memory (a region of process\u2019s memory which is used to store dynamic variables). That excess data in turn corrupts nearby space in memory and could alter other data, opening the door for malicious attacks. Another buffer overflow flaw ([CVE-2020-0501](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0501>)) was addressed in the graphics driver (before version 26.20.100.6912) that could also open the it up to a DoS attack by an authenticated user with local access.\n\nIntel also addressed two high-severity improper access control flaws ([CVE-2020-0516](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0516>) and [CVE-2020-0519](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0519>)) in its graphics drivers that could give authenticated attackers (with local access) escalated privileges or enable them to launch a DoS attack. And, it patched a high-severity path traversal flaw ([CVE-2020-0520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0520>)) in the igdkmd64.sys file of the graphics drivers (before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100), which could enable privilege escalation or DoS; and an improper conditions check glitch ([CVE-2020-0505](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0505>)) in the graphic driver (before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103 and 26.20.100.7212) that may enable information disclosure and DoS.\n\nIt\u2019s not the first time flaws have been discovered in discovered in Intel\u2019s graphics drivers. A year ago, [Intel patched 19 vulnerabilities](<https://threatpost.com/intel-windows-10-graphics-drivers/142778/>), including two high-severity flaws [CVE-2018-12216](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12216>) and [CVE-2018-12214](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12214>) that could both allow a privileged user to execute arbitrary code via local access.\n\n**Other Products, Other High-Severity Flaws**\n\nIn its Tuesday security advisory, Intel addressed CVE-2020-0551, a new class of transient-execution attacks that exploit microarchitectural flaws to inject attacker data into a program and steal sensitive data and keys from Intel SGX (or Intel Software Guard eXtensions; which is processor technology released in 2015 to create isolated environments in the computer\u2019s memory).\n\n\u201cLVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations,\u201d according to researchers who discovered the flaw [in a Tuesday post](<https://lviattack.eu/>). \u201cInstead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle \u2014 \u2018inject\u2019 \u2014 the attacker\u2019s data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim\u2019s fingerprints or passwords.\u201d\n\nIntel for its part rated the vulnerability medium severity and [said in a separate post](<https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-march-2020/#gs.z0brxo>): \u201cDue to the numerous complex requirements that must be satisfied to successfully carry out the LVI method, Intel does not believe LVI is a practical exploit in real world environments where the OS and VMM are trusted.\u201d\n\nIntel also released patches for high-severity flaws affecting its Next Unit Computing (NUC) mini PC firmware (which has been found to be vulnerable to [various flaws in the past](<https://threatpost.com/intel-patches-nuc-firmware/145620/>)). These flaws include an improper buffer restriction ([CVE-2020-0530](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0530>)) in the NUC firmware that \u201cmay allow an authenticated user to potentially enable escalation of privilege via local access,\u201d according to Intel. And, an improper input validation in the NUC firmware ([CVE-2020-0526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0526>)) could enable allow a privileged user with local access to enable escalation of privilege. A full list of affected NUC versions [can be found here](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html>).\n\nAnother high-severity vulnerability was address in BlueZ, the pairing communications Bluetooth stack for major Linux distributions that supports Bluetooth protocols and layers. Intel is a leading contributor to the BlueZ project, employing currently all but one of the maintainers. According to Intel, an improper access control flaw in the subsystem of BlueZ (before version 5.53) could allow an unauthenticated user with adjacent access to achieve escalation of privilege and launch DoS attacks.\n\nFinally, Intel fixed a [high-severity flaw](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html>) in its Smart Sound Technology, which provides audio and voice processing to support \u201cvoice wake\u201d functions in devices. The vulnerability ([CVE-2020-0583](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0583>)) is an improper access control flaw in the subsystem for Intel\u2019s Smart Sound Technology, which could allow an authenticated user to potentially enable escalation of privilege via local access. Versions of Smart Sound Technology before the 10th Generation Intel Core i7 Processors, version 3431; and 8th Generation Intel Core Processors, version 3349 are affected; Intel recommends that users update to the latest version provided by the system manufacturer that addresses these issues.\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. [Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-10T18:08:36", "type": "threatpost", "title": "High-Severity Flaws Plague Intel Graphics Drivers", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-12214", "CVE-2018-12216", "CVE-2020-0501", "CVE-2020-0504", "CVE-2020-0505", "CVE-2020-0516", "CVE-2020-0519", "CVE-2020-0520", "CVE-2020-0526", "CVE-2020-0530", "CVE-2020-0551", "CVE-2020-0583"], "modified": "2020-03-10T18:08:36", "id": "THREATPOST:C5ED82A05EB0E622ACB4B62BA37AB2F1", "href": "https://threatpost.com/high-severity-flaws-intel-graphics-drivers/153568/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-10T21:24:30", "description": "Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service (DoS) and information disclosure.\n\nThe graphics driver is software that controls how graphic components work with the rest of the computer. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. In addition to these six high-severity flaws, [Intel stomped out 17 vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html>) overall in its graphics drivers on Tuesday. Separately, Intel addressed a load value injection (LVI) vulnerability ([CVE-2020-0551](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html>)), which it ranked as medium severity, that [researchers say could allow](<https://lviattack.eu>) attackers to steal sensitive data.\n\nThe most severe of these is a buffer-overflow vulnerability ([CVE-2020-0504](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0504>)) existing in Intel graphic drivers before versions 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. The flaw scores 8.4 out of 10 on the CVSS scale, making it high-severity. If exploited, this flaw \u201cmay allow an authenticated user to potentially enable a denial of service via local access,\u201d said Intel.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)\n\nA [buffer overflow](<https://cwe.mitre.org/data/definitions/122.html>) is a type of flaw where a buffer (a region in physical memory storage used to temporarily store data while it is being moved) that can be overwritten is allocated in the heap portion of memory (a region of process\u2019s memory which is used to store dynamic variables). That excess data in turn corrupts nearby space in memory and could alter other data, opening the door for malicious attacks. Another buffer overflow flaw ([CVE-2020-0501](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0501>)) was addressed in the graphics driver (before version 26.20.100.6912) that could also open the it up to a DoS attack by an authenticated user with local access.\n\nIntel also addressed two high-severity improper access control flaws ([CVE-2020-0516](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0516>) and [CVE-2020-0519](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0519>)) in its graphics drivers that could give authenticated attackers (with local access) escalated privileges or enable them to launch a DoS attack. And, it patched a high-severity path traversal flaw ([CVE-2020-0520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0520>)) in the igdkmd64.sys file of the graphics drivers (before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100), which could enable privilege escalation or DoS; and an improper conditions check glitch ([CVE-2020-0505](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0505>)) in the graphic driver (before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103 and 26.20.100.7212) that may enable information disclosure and DoS.\n\nIt\u2019s not the first time flaws have been discovered in discovered in Intel\u2019s graphics drivers. A year ago, [Intel patched 19 vulnerabilities](<https://threatpost.com/intel-windows-10-graphics-drivers/142778/>), including two high-severity flaws [CVE-2018-12216](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12216>) and [CVE-2018-12214](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12214>) that could both allow a privileged user to execute arbitrary code via local access.\n\n**Other Products, Other High-Severity Flaws**\n\nIn its Tuesday security advisory, Intel addressed CVE-2020-0551, a new class of transient-execution attacks that exploit microarchitectural flaws to inject attacker data into a program and steal sensitive data and keys from Intel SGX (or Intel Software Guard eXtensions; which is processor technology released in 2015 to create isolated environments in the computer\u2019s memory).\n\n\u201cLVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations,\u201d according to researchers who discovered the flaw [in a Tuesday post](<https://lviattack.eu/>). \u201cInstead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle \u2014 \u2018inject\u2019 \u2014 the attacker\u2019s data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim\u2019s fingerprints or passwords.\u201d\n\nIntel for its part rated the vulnerability medium severity and [said in a separate post](<https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-march-2020/#gs.z0brxo>): \u201cDue to the numerous complex requirements that must be satisfied to successfully carry out the LVI method, Intel does not believe LVI is a practical exploit in real world environments where the OS and VMM are trusted.\u201d\n\nIntel also released patches for high-severity flaws affecting its Next Unit Computing (NUC) mini PC firmware (which has been found to be vulnerable to [various flaws in the past](<https://threatpost.com/intel-patches-nuc-firmware/145620/>)). These flaws include an improper buffer restriction ([CVE-2020-0530](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0530>)) in the NUC firmware that \u201cmay allow an authenticated user to potentially enable escalation of privilege via local access,\u201d according to Intel. And, an improper input validation in the NUC firmware ([CVE-2020-0526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0526>)) could enable allow a privileged user with local access to enable escalation of privilege. A full list of affected NUC versions [can be found here](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html>).\n\nAnother high-severity vulnerability was address in BlueZ, the pairing communications Bluetooth stack for major Linux distributions that supports Bluetooth protocols and layers. Intel is a leading contributor to the BlueZ project, employing currently all but one of the maintainers. According to Intel, an improper access control flaw in the subsystem of BlueZ (before version 5.53) could allow an unauthenticated user with adjacent access to achieve escalation of privilege and launch DoS attacks.\n\nFinally, Intel fixed a [high-severity flaw](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html>) in its Smart Sound Technology, which provides audio and voice processing to support \u201cvoice wake\u201d functions in devices. The vulnerability ([CVE-2020-0583](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0583>)) is an improper access control flaw in the subsystem for Intel\u2019s Smart Sound Technology, which could allow an authenticated user to potentially enable escalation of privilege via local access. Versions of Smart Sound Technology before the 10th Generation Intel Core i7 Processors, version 3431; and 8th Generation Intel Core Processors, version 3349 are affected; Intel recommends that users update to the latest version provided by the system manufacturer that addresses these issues.\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. [Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-10T18:08:36", "type": "threatpost", "title": "High-Severity Flaws Plague Intel Graphics Drivers", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-12214", "CVE-2018-12216", "CVE-2020-0501", "CVE-2020-0504", "CVE-2020-0505", "CVE-2020-0516", "CVE-2020-0519", "CVE-2020-0520", "CVE-2020-0526", "CVE-2020-0530", "CVE-2020-0551", "CVE-2020-0583"], "modified": "2020-03-10T18:08:36", "id": "THREATPOST:9413387DF7BF30AAEC83BA61DEFFC0C9", "href": "https://threatpost.com/high-severity-flaws-intel-graphics-drivers/153568/?utm_source=rss&utm_medium=rss&utm_campaign=high-severity-flaws-intel-graphics-drivers", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-08-16T08:39:03", "description": "Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0514", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0514"], "modified": "2020-03-23T11:42:00", "id": "PRION:CVE-2020-0514", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0514", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:05", "description": "Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0519", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0519"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-0519", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0519", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:02", "description": "Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0511", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0511"], "modified": "2022-01-01T18:44:00", "id": "PRION:CVE-2020-0511", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0511", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T08:39:04", "description": "Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0515", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0515"], "modified": "2021-05-19T16:51:00", "id": "PRION:CVE-2020-0515", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0515", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:05", "description": "Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0517", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0517"], "modified": "2022-01-01T18:44:00", "id": "PRION:CVE-2020-0517", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0517", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:25", "description": "Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T21:15:00", "type": "prion", "title": "CVE-2020-0565", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0565"], "modified": "2020-03-20T10:15:00", "id": "PRION:CVE-2020-0565", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0565", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:04", "description": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0516", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0516"], "modified": "2020-03-20T10:15:00", "id": "PRION:CVE-2020-0516", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0516", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T08:39:01", "description": "Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0508", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0508"], "modified": "2021-05-19T16:52:00", "id": "PRION:CVE-2020-0508", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0508", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:06", "description": "Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "prion", "title": "CVE-2020-0520", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0520"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-0520", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0520", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:27", "description": "Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T21:15:00", "type": "prion", "title": "CVE-2020-0567", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0567"], "modified": "2022-01-01T18:44:00", "id": "PRION:CVE-2020-0567", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0567", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T08:39:00", "description": "Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T18:15:00", "type": "prion", "title": "CVE-2020-0501", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0501"], "modified": "2020-03-20T10:15:00", "id": "PRION:CVE-2020-0501", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0501", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T08:39:01", "description": "Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 2.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-03-12T18:15:00", "type": "prion", "title": "CVE-2020-0506", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0506"], "modified": "2021-05-19T16:59:00", "id": "PRION:CVE-2020-0506", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0506", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T08:39:01", "description": "Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T18:15:00", "type": "prion", "title": "CVE-2020-0504", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0504"], "modified": "2021-05-19T17:00:00", "id": "PRION:CVE-2020-0504", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0504", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:39:01", "description": "Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T18:15:00", "type": "prion", "title": "CVE-2020-0507", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0507"], "modified": "2021-05-19T16:52:00", "id": "PRION:CVE-2020-0507", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0507", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T08:39:04", "description": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T18:15:00", "type": "prion", "title": "CVE-2020-0503", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0503"], "modified": "2022-01-01T18:44:00", "id": "PRION:CVE-2020-0503", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0503", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-16T08:39:00", "description": "Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-03-12T18:15:00", "type": "prion", "title": "CVE-2020-0505", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0505"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-0505", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0505", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-16T08:39:00", "description": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2020-03-12T18:15:00", "type": "prion", "title": "CVE-2020-0502", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0502"], "modified": "2022-01-01T18:44:00", "id": "PRION:CVE-2020-0502", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0502", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-09-23T17:36:49", "description": "Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0515", "cwe": ["CWE-427"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0515"], "modified": "2021-05-19T16:51:00", "cpe": [], "id": "CVE-2020-0515", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0515", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T18:57:25", "description": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0516", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0516"], "modified": "2020-03-20T10:15:00", "cpe": [], "id": "CVE-2020-0516", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0516", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T19:01:23", "description": "Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0514", "cwe": ["CWE-276"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0514"], "modified": "2020-03-23T11:42:00", "cpe": [], "id": "CVE-2020-0514", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0514", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T19:01:23", "description": "Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0517", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0517"], "modified": "2022-01-01T18:44:00", "cpe": [], "id": "CVE-2020-0517", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0517", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-23T17:54:01", "description": "Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T21:15:00", "type": "cve", "title": "CVE-2020-0565", "cwe": ["CWE-427"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0565"], "modified": "2020-03-20T10:15:00", "cpe": [], "id": "CVE-2020-0565", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0565", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T19:00:23", "description": "Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0508", "cwe": ["CWE-276"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0508"], "modified": "2021-05-19T16:52:00", "cpe": [], "id": "CVE-2020-0508", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0508", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T19:00:25", "description": "Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0511", "cwe": ["CWE-755"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0511"], "modified": "2022-01-01T18:44:00", "cpe": [], "id": "CVE-2020-0511", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0511", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-09-23T17:36:12", "description": "Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0519", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0519"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-0519", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0519", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T19:00:22", "description": "Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T20:15:00", "type": "cve", "title": "CVE-2020-0520", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0520"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-0520", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0520", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T18:55:54", "description": "Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 2.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-03-12T18:15:00", "type": "cve", "title": "CVE-2020-0506", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0506"], "modified": "2021-05-19T16:59:00", "cpe": [], "id": "CVE-2020-0506", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0506", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T18:56:58", "description": "Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T18:15:00", "type": "cve", "title": "CVE-2020-0507", "cwe": ["CWE-428"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0507"], "modified": "2021-05-19T16:52:00", "cpe": [], "id": "CVE-2020-0507", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0507", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T18:59:35", "description": "Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-12T18:15:00", "type": "cve", "title": "CVE-2020-0504", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0504"], "modified": "2021-05-19T17:00:00", "cpe": [], "id": "CVE-2020-0504", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0504", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-23T17:52:38", "description": "Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T21:15:00", "type": "cve", "title": "CVE-2020-0567", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0567"], "modified": "2022-01-01T18:44:00", "cpe": [], "id": "CVE-2020-0567", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0567", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T18:55:54", "description": "Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T18:15:00", "type": "cve", "title": "CVE-2020-0501", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0501"], "modified": "2020-03-20T10:15:00", "cpe": [], "id": "CVE-2020-0501", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0501", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-09-23T17:25:12", "description": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T18:15:00", "type": "cve", "title": "CVE-2020-0503", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0503"], "modified": "2022-01-01T18:44:00", "cpe": [], "id": "CVE-2020-0503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0503", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-09-26T18:54:06", "description": "Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-03-12T18:15:00", "type": "cve", "title": "CVE-2020-0505", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0505"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-0505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0505", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-09-26T18:56:19", "description": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2020-03-12T18:15:00", "type": "cve", "title": "CVE-2020-0502", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0502"], "modified": "2022-01-01T18:44:00", "cpe": [], "id": "CVE-2020-0502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0502", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}]}

Intel Graphics Driver for Windows - Lenovo Support US

Description

Related