Multiple vulnerabilities in Intel Graphics Drivers

1) Out-of-bounds write

EUVDB-ID: #VU45646

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0513

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in some Intel Graphics Drivers. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

6th Generation Intel Core Processors: before 15.33.50.5129

7th Generation Intel Core Processors: before 15.33.50.5129

8th Generation Intel Core Processors: before 15.33.50.5129

3rd Generation Intel Core Processors: before 15.33.50.5129

4th generation Intel Core processors: before 15.33.50.5129

5th generation Intel Core processors: before 15.33.50.5129

9th Generation Intel Core Processors: before 15.33.50.5129

10th Generation Intel Core Processors: before 15.33.50.5129

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU45647

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8681

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in system driver for some Intel Graphics Drivers. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

6th Generation Intel Core Processors: before 15.33.50.5129

7th Generation Intel Core Processors: before 15.33.50.5129

8th Generation Intel Core Processors: before 15.33.50.5129

3rd Generation Intel Core Processors: before 15.33.50.5129

4th generation Intel Core processors: before 15.33.50.5129

5th generation Intel Core processors: before 15.33.50.5129

9th Generation Intel Core Processors: before 15.33.50.5129

10th Generation Intel Core Processors: before 15.33.50.5129

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Uncaught Exception

EUVDB-ID: #VU45678

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0512

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to uncaught exception in the system driver for some Intel Graphics Drivers. A local user can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

6th Generation Intel Core Processors: before 15.33.50.5129

7th Generation Intel Core Processors: before 15.33.50.5129

8th Generation Intel Core Processors: before 15.33.50.5129

3rd Generation Intel Core Processors: before 15.33.50.5129

4th generation Intel Core processors: before 15.33.50.5129

5th generation Intel Core processors: before 15.33.50.5129

9th Generation Intel Core Processors: before 15.33.50.5129

10th Generation Intel Core Processors: before 15.33.50.5129

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU45679

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8682

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in system driver for some Intel Graphics Drivers. A local user can trigger out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

6th Generation Intel Core Processors: before 15.33.50.5129

7th Generation Intel Core Processors: before 15.33.50.5129

8th Generation Intel Core Processors: before 15.33.50.5129

3rd Generation Intel Core Processors: before 15.33.50.5129

4th generation Intel Core processors: before 15.33.50.5129

5th generation Intel Core processors: before 15.33.50.5129

9th Generation Intel Core Processors: before 15.33.50.5129

10th Generation Intel Core Processors: before 15.33.50.5129

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU45680

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8683

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in system driver for some Intel Graphics Drivers. A local user can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

6th Generation Intel Core Processors: before 15.33.50.5129

7th Generation Intel Core Processors: before 15.33.50.5129

8th Generation Intel Core Processors: before 15.33.50.5129

3rd Generation Intel Core Processors: before 15.33.50.5129

4th generation Intel Core processors: before 15.33.50.5129

5th generation Intel Core processors: before 15.33.50.5129

9th Generation Intel Core Processors: before 15.33.50.5129

10th Generation Intel Core Processors: before 15.33.50.5129

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.