Out-of-bounds write in Intel Graphics Drivers
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-8679 |
| CWE-ID | CWE-787 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
6th Generation Intel Core Processors Hardware solutions / Firmware 7th Generation Intel Core Processors Hardware solutions / Firmware 8th Generation Intel Core Processors Hardware solutions / Firmware 3rd Generation Intel Core Processors Hardware solutions / Firmware 4th generation Intel Core processors Hardware solutions / Firmware 5th generation Intel Core processors Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds write
EUVDB-ID: #VU45674
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8679
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Kernel Mode Driver for some Intel Graphics Drivers. A local user can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions6th Generation Intel Core Processors: before 26.20.100.7755
7th Generation Intel Core Processors: before 26.20.100.7755
8th Generation Intel Core Processors: before 26.20.100.7755
3rd Generation Intel Core Processors: before 26.20.100.7755
4th generation Intel Core processors: before 26.20.100.7755
5th generation Intel Core processors: before 26.20.100.7755
9th Generation Intel Core Processors: before 26.20.100.7755
10th Generation Intel Core Processors: before 26.20.100.7755
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
