Multiple vulnerabilities in Intel Graphics Driver for Windows
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2021-0061 CVE-2021-0012 CVE-2021-0062 |
| CWE-ID | CWE-665 CWE-416 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Graphics Driver for Windows Client/Desktop applications / Virtualization software |
| Vendor |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper Initialization
EUVDB-ID: #VU55767
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0061
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Graphics Driver for Windows: before 27.20.100.9030
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00508.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU55768
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error. A local user can run a specially crafted program to trigger use-after-fee error and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsIntel Graphics Driver for Windows: before 27.20.100.8336
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00508.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU55769
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can run a specially crafted program to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsIntel Graphics Driver for Windows: before 27.20.100.8935
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00508.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
